I really hate "two factor" auth. Like, cool, I get it, it lets you pretend you can divest responsibility for security and recovery, but also it means dropping my phone too hard could be a life disrupting event so somehow I don't really feel like this...
-
It takes a really special kind of mind to say that tying your ability to access your accounts to a tiny slippery fragile glass object that is designed to break every two years on average so you buy a new one for the benefit of the shareholders is somehow a significant security improvement, but then again maybe this is as close as we'll get to a public admission that the bar really is that low.
-
@[email protected] I much prefer the use of yubikeys and try to rely on my phone as a backup for this reason, although obviously that carries its own set of risks.
-
@aeva I pay $5/yr to Bitwarden because of exactly this. 2FA is great, it just sucks that the second factor in most cases is a phone and not an identity
-
@sky out of curiosity, what happens if you can't make a payment?
-
@[email protected] I like TOTP precisely because it *isn't* limited to my phone: I can store the same TOTP code on my phone, laptop, desktop, and external hard drive. Also, I can store all my TOTP codes except for Bitwarden in my Bitwarden vault, and it automates copying them when I use autofill.
On the other hand, I hate 2FA which is limited to a proprietary app that I can only run on my phone (such as Duo Mobile, which I have to use for work).
-
[email protected] replied to aeva, last edited by [email protected]
@[email protected] @[email protected] Bitwarden stores your TOTP keys along with passwords for free, and you can access them for free. If you fail to pay, then the UI to generate one-time passwords from the keys becomes less convenient, but you still have your data.
You can get around this limitation by copying the keys from Bitwarden into another authenticator app, but then when you want to log in to a site you need to click Bitwarden for your password and then another app for your one-time password. (EDIT: This is what I used to do before I decided the subscription price was worth the convenience. Now I only use separate authenticator apps for logging in to Bitwarden itself.)
You do not lose any data if you fail to pay Bitwarden. Also, Bitwarden stores your password vault (including TOTP keys) both on their servers and locally on your devices, so you can still access it if their servers are offline, or if you don't have internet. If they decide to ban your account for some reason (I haven't heard of this happening but I guess it's possible), you would still have your data locally: it just wouldn't automatically sync anymore.
Of course, this is capitalism, so all of the stuff I just described could go away at any time. They could come out with a new announcement tomorrow saying "from now on, if you stop paying us, we'll delete your data, and we're updating the Bitwarden clients to stop storing your data locally."
-
@aeva Why Would You Exclusively Store 2FA Secrets On A Phone?
-
@Detour idk why would you message a complete stranger on the internet with a daft and obnoxious reply? go take a shower man
-
@aeva I'm Not Sure I Understand? Why're You Being So Argumentative?
-
@Detour touch grass
-