• haui
    link
    fedilink
    68 months ago

    Not sure if this applies but incidentally I changed my otp manager from microsoft to vaultwarden today. Adding security keys in the process is mostly two additional clicks. Of the 20 accounts I migrated, only about 7 had the option and only with one it was more work than adding totp.

    • @[email protected]
      link
      fedilink
      English
      38 months ago

      Yeah I use bitwarden and it was pretty panless. My only issue was on github the addon didn’t pick up on the passkey initially, had to make a new one.

      • haui
        link
        fedilink
        28 months ago

        Happy to hear it works for others as well. :)

    • Anas
      link
      18 months ago

      Doesn’t using the same service for password management and OTP defeat the purpose of 2FA?

      • haui
        link
        fedilink
        18 months ago

        Its a pretty tough decision what to use for this imo since technically, you‘re right. Then again, you already have to log into your os and unlock the password safe to get the passwords or the otps.

        The reason why mfa is done is if your password leaks you are not completely effed. You can obviously use a second selfhosted service with a different password but chances are most people would rather use something easier.

        Also, passkeys work the same way. They work if you are logged into a device. That way you get no additional password except you can only use it from the device in question.