this post was submitted on 16 Jun 2023
22 points (100.0% liked)

Privacy

32165 readers
836 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Hey, I need to move one day of Google Authenticator, and I was wondering if their was a project like Bitwarden for 2 Factor Authentication

Take care!

top 47 comments
sorted by: hot top controversial new old
[–] [email protected] 10 points 1 year ago* (last edited 1 year ago) (2 children)

Aegis Authenticator for Android: https://getaegis.app/

Raivo OTP for iOS: https://raivo-otp.com/

2FAS however is cross-plataform, open source, and what I'm using right now: https://2fas.com/

[–] [email protected] 2 points 1 year ago

Been using Aegis for a couple years and love it

[–] [email protected] 3 points 1 year ago
[–] [email protected] 3 points 1 year ago (2 children)

You can use Bitwarden Premium for 2FA keys. It's pretty cheap and well worth it to support development ($10/yr).

If you're on Android and don't want to pay for Bitwarden Premium, I'd use something like Aegis Authenticator.

[–] [email protected] 2 points 1 year ago

Yes, I do this too and really like it.

[–] [email protected] 1 points 1 year ago

I personally think it's best to keep 2FA keys out of password managers.

The whole point of 2FA is to have a seconds factor to authenticate you.

If someone gets access to your password vault with your 2FA keys, they have access to all of your accounts - 2FA protected it not. If you keep the keys in another app, they cannot access your accounts nearly as easily.

[–] [email protected] 3 points 1 year ago

Aegis on fdroid

[–] [email protected] 3 points 1 year ago (1 children)

Bitwarden provides a facility for MFA. Though there's an argument to be made against eggs + baskets. It might defeat threw purpose a bit.

I use Aegis which is opensource and easily encrypted and backed up locally. Saved my ass where I accidentally deleted my 2FA for Bitwarden, thus locking me out in circle of shite. Aegis allowed me to roll back and pull in that one missing key without having to redo a load i'd made since the last backup and all was good.

[–] [email protected] 5 points 1 year ago (2 children)

Yea, I think everyone that is saying Bitwarden supports 2FA is missing the point of 2FA. You don’t want it to be in the same place where all your passwords are, otherwise if someone gets access to your passwords they essentially can prove they are you.

That being said, I use a mixture of Authy + Bitwarden. Bitwarden for sites that require it but aren’t really a priority for me to keep separated, and Authy for 2FA codes that I prefer being separate from my passwords.

[–] Kyoyeou 3 points 1 year ago (1 children)

Reading everyone's comments here I thought I would go full Bitwarden, but I get the idea of have the 2 factor's coming from the exact same place

[–] [email protected] 1 points 1 year ago

Yea, the whole point of 2FA is to make it so if your credentials are leaked you aren’t compromised!

[–] galil3o 1 points 1 year ago

This is the way

[–] [email protected] 2 points 1 year ago

Google Authenticator is just a UI for TOTP which is standardized. I've used Authy for many years. But there's also many many implementations: https://search.f-droid.org/?q=totp&lang=en

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

KeePass. You need TOTP plugin for Windows and there is a nice Android app that implements it out of the box. They also support Steam OTP, though it's a bit hard to set up.

There is also KeePassXC if you want a cross-platform client, but I have no idea how good it is as I never used it.

[–] [email protected] 3 points 1 year ago (2 children)

KeepassXC is a really good option. I was using it for a while and it was great but bitwarden syncing is just so convenient.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

I'm just hosting a file server for that. A bit too concerned about giving my passwords to a third party.

[–] JoeKrogan 1 points 1 year ago

You should be, its the keys to the kingdom.

[–] JoeKrogan 1 points 1 year ago

Syncthing is what I and many other use for syncing.

[–] [email protected] 2 points 1 year ago

@Kyoyeou @privacy

On iOS/iPadOS/macOS there’s a fantastic app named “OTP Auth”, highly recommend it.

Link for anyone interested: https://apps.apple.com/app/id659877384

[–] [email protected] 2 points 1 year ago

Yes: Bitwarden.

Idk about the central instance, but I use my bitwarden (specifically vaultwarden) instance for my TOTP keys. I can just autofill and then it copies the current TOTP key and i can paste it in to log into whatever i'm logging into!

[–] [email protected] 2 points 1 year ago (2 children)

Yubikey is a good option. It supports totp for sites that don't support physical keys.

[–] Kyoyeou 2 points 1 year ago

I don't think I'd go with Yubikey, but just because that's what I'm using at work, that's the only reason

[–] [email protected] 1 points 1 year ago (1 children)

I have been tempted to get yubikeys but it seems like a hassle to have two and keep them in "sync".

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

TOTP is available in Bitwarden.

[–] [email protected] 2 points 1 year ago

I use FreeOTP+ on android and WinAuth on windows

[–] [email protected] 2 points 1 year ago

i personally like freeotp made by redhat iirc

[–] [email protected] 1 points 1 year ago

Bitwarden can 2FA. Works like a charm.

[–] [email protected] 1 points 1 year ago

Just plain old TOTP? A lot of applications support it, you could even implement one yourself if you are brave, as the algorithm is very simple (don't do that): https://datatracker.ietf.org/doc/html/rfc6238

[–] [email protected] 1 points 1 year ago

Bitwarden supports OTP codes, you need a premium subscription though

[–] [email protected] 1 points 1 year ago

I use 2FAuth, it works on both mobile and desktop. I moved to that from Google Authenticator.

[–] [email protected] 1 points 1 year ago (1 children)

I personally use yubioath for anything that doesn't support yubikey. Sounds like that isn't a solution for you (maybe a totally different, open source hardware key?).

I'd recommend against putting your 2FA inside bitwarden. It's not a very good second factor if both factors can be exposed by getting into your bitwarden.

[–] Kyoyeou 2 points 1 year ago

It not that isn't absolutely not a solution, but more that I want to split work and life, and I know I could have some remarks if my collegue see the app of the keys used on my not work phone and I could just avoid certain discussions

[–] [email protected] 1 points 1 year ago

You can have your 2FA codes in BitWarden.

People say it defeats the purpose of 2FA but each to their own.

[–] [email protected] 1 points 1 year ago

I use andOTP on Android. Has encrypted backups, supports various OTP protocols, and is just generally a good UX.

[–] JoeKrogan 1 points 1 year ago

If you want an app I would recommend freeotp+ is on fdroid and you can export/import your settings for backup. I use sync thing for this. I

[–] [email protected] 1 points 1 year ago

I've been using Authy for years, but I don't think it's open source.

[–] [email protected] 1 points 1 year ago

If you're interested in moving away from Google Auth, look into a password manager for added security. Along with storing passwords, managers like 1password support 2FA and store your information in the cloud using a Zero Knowledge model. I've been using it for a few years and have not had any reason to use Google Auth.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

I use Authy which is great. Much better than google authenticator.

Bitwarden is also great, but I kind of don't want everything to be in one place.

load more comments
view more: next ›