Bitwarden just launched a new authenticator app. Here’s what it means to users. | Bitwarden Blog
bitwarden.com
Storing 2FA codes is just the beginning. Bitwarden aims to add defense in depth to authentication.

Bitwarden Authenticator is a standalone app that is available for everyone, even non-Bitwarden customers.

In its current release, Bitwarden Authenticator generates time-based one-time passwords (TOTP) for users who want to add an extra layer of 2FA security to their logins.

There is a comprehensive roadmap planned with additional functionality.

Available for iOS and Android

  • @CoreidanEnglish
    79 months ago

    Jesus fuck. How many more authentication apps do we need that all do the same thing?

    At work I need at least 4-5 different authentication apps because every customer has something different.

    We don’t need another.

          • Rolling ResistanceEnglish
            39 months ago

            Wait until your workplace requires you to only use MS Authenticator push notifications 😭 and HOTP occasionally…

            • @[email protected]English
              19 months ago

              Is that a thing? Usually those have a fallback to a regular TOTP code.

              I use Okta for work because we integrate SSO with it everywhere, but I could technically enter a code every time and swap out the Okta app for the other TOTP app I use.

              My company is a MS shop, but they use TOTP as the second factor, and even that is optional. My department uses Okta, which is a completely separate system (we’re a weird, separate unit entirely from most of the rest of the company).

          • @[email protected]English
            19 months ago

            I did too until it kept rejecting my tokens frequently - changing to M$ Authenticator “solved” it.

            • @[email protected]English
              29 months ago

              They must now require HOTP or something now. TOTP doesn’t care what machine it’s on, whereas HOTP does (well, you could spoof it if you really wanted).

        • @[email protected]English
          29 months ago

          They’re probably using HOTP or something else, not TOTP. TOTP is literally just the key + any clock. Or maybe it’s the “click button to authenticate” and not the “enter code to authenticate,” which might not be HOTP or TOTP, but something else entirely (e.g. Steam’s system is neither AFAIK).

          If it’s TOTP, you just need to get the key and can use any authenticator app.

    • @[email protected]English
      149 months ago

      4-5 TOTP apps? So far, when, e.g. Microsoft or Google have insisted use of their own Authenticator app is required, it’s worked fine for me using Ente Auth or similar just by entering the code / QR.

      • @[email protected]English
        39 months ago

        Yup, most 2FA is just TOTP, which is a pretty simple, open standard and is hardware independent. All you need is a key (the QR code or the numbers) and access to a reliable time source and you can make a TOTP app on anything.

        I use Aegis on my phone and Authenticator on Linux (some GTK app), and they both produce identical codes for the same key.

      • millionEnglish
        19 months ago

        This even works with some apps that hide the standard part - like Symantec VIP - it’s possible to extract what they are doing and use a standard TOTP app instead of VIP.

    • @blazeknaveEnglish
      29 months ago

      Random number generator 2fa?