this post was submitted on 08 Jan 2024
222 points (96.2% liked)

Technology

58303 readers
14 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 10 months ago (3 children)

I just want a selfhostable Authy clone. Is that too much to ask?

[–] [email protected] 21 points 10 months ago (3 children)

Bitwarden can do everything Authy can afaik

[–] [email protected] 13 points 10 months ago (3 children)

It is a bad idea to have your password manager and 2FA be the same app though. You want to spread it around so one attack can't break your logins.

[–] [email protected] 8 points 10 months ago

You aren't wrong and I should rethink that. But BW is so damn handy.

[–] [email protected] 1 points 10 months ago* (last edited 10 months ago)

Good point.

Is it realistic (i.e. is it secure enough) to self-host 2 Bitwarden, one for passwords, one for authentication?

Or would splitting that between 2 Bitwarden logins work?

I just throwing stuff at the wall, I haven't thought either of these through yet.

[–] [email protected] 1 points 10 months ago

While that is true, the risk of someone brute forcing into an account of mine on the login side than on mine. That's what I use 2FA against. If they managed to break into my vault, they'd have broken into my Mailserver and whatnot, so....

[–] [email protected] 9 points 10 months ago (3 children)

BitWarden can generate 2FA tokens? I don't see any option for that on Android

[–] [email protected] 13 points 10 months ago (1 children)

Vaultwarden can. Self hosting isn't for everyone though.

[–] [email protected] 15 points 10 months ago (2 children)

Given that the comment was a demand for self hostable Authy, I think they might wanna :P

[–] [email protected] 5 points 10 months ago* (last edited 10 months ago) (1 children)

Ha. Apparently two comments worth of context is too much for me to handle.

[–] [email protected] 3 points 10 months ago

Lol.

Welcome to the club, mate! 🤣

[–] [email protected] 3 points 10 months ago* (last edited 10 months ago)
[–] [email protected] 9 points 10 months ago (3 children)

Need to pay for a subscription for TOTP. It’s like $10/year for the personal plan.

[–] [email protected] 7 points 10 months ago

Which is damn near cheap compared to other companies. I personally use dashlane (I know I know I should self host but I don't trust myself for something as important as passwords) and that's $60 for their premium package.

[–] [email protected] 6 points 10 months ago (1 children)

I love my bitwarden but is it less secure to have all your eggs in one basket? That's the main reason I've been using separate apps so far.

[–] [email protected] 1 points 10 months ago

It may very well be, especially if the basket your eggs are in is full of holes. I always figure, as long as it isn’t a pad of paper on a desk, or a company that regularly makes headlines due to security breaches, I should be okay.

[–] [email protected] 2 points 10 months ago

Cool, I might check it out then. I knew I'd have to move off of authy eventually.

[–] [email protected] 8 points 10 months ago (2 children)
[–] [email protected] 6 points 10 months ago (2 children)
[–] [email protected] 4 points 10 months ago (2 children)

I self-host, but I still pay for their premium because it's a damn good product I want to see kept maintained for years to come.

I mean, cmon, it's $10. Almost cheaper than a banana.

[–] [email protected] 3 points 10 months ago (1 children)
[–] [email protected] 2 points 10 months ago

Glad someone caught that.

[–] [email protected] 1 points 10 months ago (1 children)

That's a good point.

I'm not paying currently because I don't use their online service.

Adding them to my "Annual Donate to Software I find Useful" list, that I just started this year.

I despise subscriptions. For apps that have a hosted portion, I understand them, but I'd still rather pay annually.

[–] [email protected] 2 points 10 months ago (1 children)

It's $10 annually in case you thought it was monthly. I'd imagine if you went in and subbed, then cancelled the sub, you'd still have your year you paid for. But yah, I'd like an option to not auto-renew, even though I do.

[–] [email protected] 1 points 10 months ago

Oh, I saw that it was $10 for the year. That's crazy cheap.

I just want my stuff on my stuff, after the Lastpass debacle last year - it was the last straw to push me into self hosting everything.

[–] [email protected] 1 points 10 months ago
[–] [email protected] 1 points 10 months ago* (last edited 10 months ago)
[–] [email protected] 4 points 10 months ago

Yeah, I already run Vaultwarden. But like others I don't really want to combine my tokens and passwords.

[–] [email protected] 4 points 10 months ago (1 children)

I just use FreeOTP+ on my phone. It's a fork of a Red Hat authenticator, and completely open source and available on F-Droid.

No sync, but you can export the TOTP secrets if you want to back them up/move them.

[–] [email protected] 3 points 10 months ago

Thanks was looking for something like this

[–] [email protected] 1 points 10 months ago* (last edited 10 months ago)

Bitwarden has TOTP support with a pro license. Or you can just selfhost (using vaultwarden) and have all the features instead.