If proprietary app is better and more robust I am willing to try it and assess it myself.

  • peregus@lemmy.world
    link
    fedilink
    arrow-up
    26
    arrow-down
    1
    ·
    1 year ago

    I don’t think that it’s safe to leave both authentication factors in a single app.

    • dana@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      1 year ago

      It depends on your risk profile, but yes, it’s less secure. For some people the convenience is worth the risk, for others maybe not. If you opt to store 2fa keys in Bitwarden you’d definitely want to enable 2fa for your Bitwarden account though, which brings us back to the same issue again.

      • peregus@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        If you opt to store 2fa keys in Bitwarden you’d definitely want to enable 2fa for your Bitwarden account though, which brings us back to the same issue again.

        With the risk of getting locked out if all your devices get logged out of Bitwarden! 🙈

        • dana@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          To clarify, you’d want to enable 2fa for Bitwarden and store the token for that in a different authenticator app - that way you can still log in to Bitwarden without already needing to be logged in

      • blkpws@lemmy.ml
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        1 year ago

        Two factors is like a second step, the 2FA is normally this token (TOTP) that is generated every X minutes, so if someone steals your password, they still need another number that they will not get unless they hacked your device, and if they hacked your device, they probably have access to many of your data or access to that secret token to log in. Doesn’t mean they should be separated, but you could, still the safest way to keep all secure isn’t splitting passwords and tokens but using a hardware key. That’s my view.