this post was submitted on 19 Aug 2023
145 points (98.0% liked)

Open Source

31358 readers
176 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

If proprietary app is better and more robust I am willing to try it and assess it myself.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 21 points 1 year ago (3 children)

Bitwarden and it's fully cross-platform. I like that it auto copies the 2FA pin to clipboard after filling in login - cuts out extra clicks and copy movements.

[–] [email protected] 11 points 1 year ago (2 children)

Vaultwarden is also a great and simple to self-host backend written in Go that runs in Docker.

[–] [email protected] 2 points 1 year ago (1 children)
[–] [email protected] 2 points 1 year ago

And very easy to set up and run without docker! For, you know, us folks with a BSD server 🙂

[–] [email protected] 2 points 1 year ago (1 children)

Kinda makes two factor authentication useless as they are both stored in the same place.

[–] [email protected] 3 points 1 year ago (1 children)

I think it is more about passwords being accessible after hacks etc. What you are referring to, is if Bitwarden were to be hacked, both are accessible. Online Bitwarden has securely hashed all the data, so that is pretty useless if anyone gets it. On my devices I use biometric login, and on desktop a Yubiky as 2FA into Bitwarden. I also have it set to request login every time the browser is restarted, just in case someone were to steal the session data from the browser.

But your point is very valid if a user were to have a weak password for their Bitwarden, or not to have a good 2FA for their Bitwarden login. You want to keep that basket of eggs as safe as you can.

[–] [email protected] 0 points 1 year ago (1 children)

The whole point of 2FA is for them to be completely separate.

[–] [email protected] 3 points 1 year ago (1 children)

But if the access to the combination of the two requires a separate 2FA (my Yubikey), then it is virtually separated. It is not just one password and you inside Bitwarden. One could argue otherwise, that having a 2FA app on the same phone as your password manager, is also not separate, if the same PIN/biometric gives access to that phone with the two apps on.

[–] [email protected] 2 points 1 year ago (1 children)

Do you use your Yubikey for 2FA or do you use it instead of a password?

If it's the former then I guess it's fine.

[–] [email protected] 1 points 1 year ago

Yes, just for 2FA into Bitwarden's login as it's 2FA after password.

[–] [email protected] 2 points 1 year ago (1 children)

"Authenticator key (TOTP) storage is available to all accounts. TOTP code generation requires premium or membership to a paid organization (families, teams, or enterprise)."

[–] [email protected] 6 points 1 year ago (1 children)

It’s $10/y and a steal for that excellent software. I pay it and self host it just to support them.