Open Source

44702 readers

205 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 6 years ago

MODERATORS

Cloak@lemmy.ml

kevincox@lemmy.ml

CrypticCoffee@lemmy.ml

Lettuceeatlettuce@lemmy.ml

Dedicated Authenticators from Password Manager vendors (sh.itjust.works)

submitted 2 years ago by brrt@sh.itjust.works to c/opensource@lemmy.ml

15 comments fedilink hide all child comments

Does anyone know why there are no dedicated Authenticator apps made by for example Proton or Bitwarden?

I’m aware that they have TOTP baked into their password managers but you still need to have at least one separate solution to log into your vault.

all 17 comments

sorted by: hot top controversial new old

[–] nexusband@lemmy.world 8 points 2 years ago

I have a yubikey for the Bitwarden vault as second factor

[–] Helix@feddit.de 6 points 2 years ago (1 children)

Why do you need that? Just use one of the already existing ones like Aegis.

[–] brrt@sh.itjust.works 1 points 2 years ago

When have more options become a bad thing?

[–] Schlemmy@lemmy.ml 3 points 2 years ago* (last edited 2 years ago) (1 children)

Bitwarden has otp built in but you have to buy premium. Totally worth it.

[–] Fisch@lemmy.ml 2 points 2 years ago (1 children)

Should probably mention that premium is only 10 bucks a year. I also don't just pay for the feature itself but also to support Bitwarden, it's completely free and open source after all.

[–] Schlemmy@lemmy.ml 1 points 2 years ago

Same. 10 bucks is a steal.

[–] beeng@discuss.tchncs.de 2 points 2 years ago

The best authenticator is https://github.com/jamie-mh/AuthenticatorPro

FOSS.

Didn't realise you could have a good authenticator until I used this.

[–] GravitySpoiled@lemmy.ml 1 points 2 years ago (1 children)

Why do you need a separate one?

[+] voracitude@lemmy.world 6 points 2 years ago* (last edited 2 days ago) (1 children)

[deleted]

[–] GravitySpoiled@lemmy.ml -1 points 2 years ago* (last edited 2 years ago) (1 children)

No. If anyone has access to your email or master password, they can simply reset any other account. How would your difficult (one time used) password of protonmail be leaked? Proton doesn't have it. Only if you've got powerful malware on your device and then it doesn't matter in which app your shit is stored.

[–] redcalcium@lemmy.institute 1 points 2 years ago* (last edited 2 years ago) (2 children)

I keep google authenticator around just to store bitwarden's totp. But I also store bitwarden's totp inside bitwarden, so I can use bitwarden's mobile client to get bitwarden's totp when I log into bitwarden on another device.

[–] Helix@feddit.de 4 points 2 years ago (1 children)

That's what I'd recommend. Why Google and not Aegis or another non-Google FOSS app?

[–] redcalcium@lemmy.institute 1 points 2 years ago* (last edited 2 years ago)

Nothing in particular, all my totp was in google authenticator and over the years I migrated them all to lastpass then bitwarden, and the only thing left there is now bitwarden totp.

[–] Schlemmy@lemmy.ml 1 points 2 years ago

Sound like a 'yo, dawg'-meme

[–] Extrasvhx9he@lemmy.today 1 points 2 years ago

Kinda think its to keep costs down. They already have their builtin totp generators so making a separate application seems kinda redundant. Unless you mean why they don't make their own hardware security key? That's probably also to keep costs down (materials, vendors, marketing, upkeep, etc...). I would also like to have a rival with the same credibility for yubikey though in case something happens to the company.