this post was submitted on 29 Aug 2023
87 points (95.8% liked)
I hope you're not also using Bitwarden as your password manager. Having your authenticator and your password manager accessible in the same place, with the same account, completely defeats the point of 2FA.
I am using it as my password manager, and I understand it puts all my eggs in the Bitwarden basket. But I don't think it defeats the purpose of 2FA. For example, someone getting my Google password doesn't mean they have my TOTP needed to get into my Google account, or any other account with 2FA.
If you are able to open your password vault from the device you use as a second factor (which you probably do) the whole point is defeated anyways. Multiple apps on the same device won't save you.
But I have Bitwarden set up to need 2FA.
It's passwords all the way down!
It's only as weak as the weakest link. If you're using a strong and unique password as well as a strong 2FA (FIDO2) to access your Bitwarden account then it's an acceptable trade-off.