I have used Bitwarden for a few years happily, but have been really annoyed at the UI changes in the Chrome extension.

Not only does it unnecessarily jar me out of my memorized places to click, but it also just takes 2 clicks to copy a password instead of 1. Seems like a small deal, but it is genuinely a bad UI.
I have been using Aegis [1], a FOSS (GPLv3) TOTP authenticator app, for the past years.

It supports:

- Local encrypted backups. You can sync these to wherever you like on your own terms. I automated uploading mine to my local Nextcloud instance.

- Importing from other authenticator apps, so you can easily migrate.

- Exporting entries so that you are not vendor locked (cough cough Authy).

- Customization.

- No mandatory cloud bs, LLM integration, tracking, ...

[1] https://github.com/beemdevelopment/Aegis
It doesn't support syncing between devices.

An alternative is Ente Auth: https://news.ycombinator.com/item?id=40883839

Edit: Since there seems to be some confusion, this submission is about Bitwarden Authenticator, a free mobile app for TOTP, not about the Bitwarden password manager, which does support syncing, and which in the paid Premium plan also includes an authenticator.
> In this initial release, your data will be backed up through the mobile operating system's backup services. Please make sure your device is turned on and configured for backups. Bitwarden Authenticator data is included in the OS backups and will be restored with them.

At least it's not defaulting to their own cloud service backend. This has always been my problem with these types of apps. Although, I'm not sure I fully understand the above description. I'm guessing if you have an iPhone with iCloud backup enabled, it means data is backed up to iCloud.
Big fan of Bitwarden, although you are putting a single point of failure on all of your secure info.

I'd love to know what others do to maximise both convenience and security.

For two-factor authentication, I wouldn't use the same service for both layers. Seems daft to use Bitwarden as both the password keeper and the TOTP provider. Not sure if that's a cryptographically coherent view, but hey.
Doesn't appear to have any way of exporting 2FA tokens?

I _very narrowly_ dodged being locked into Authy by having tokens in there that couldn't be exported, and Authy is a steaming pile of... Never again will I be foolish enough to not maintain ownership of the actual 2FA tokens my codes are generated from.
I'm confused, doesn't Bitwarden already include this functionality? I've been using it for years; have they split it out into a separate app?

I tend to use Aegis for the two services' TOTP codes that I don't put into Bitwarden.
At some point Microsoft Authenticator decided that 2FA from a smartwatch shouldn't work (that happened when they introduced the 2-digit number verification, which could still work fine on a watch). I have yet to find a replacement for that feature. If anyone figures it out, please let me know!
I just literally spent a week transferring all my Authy keys to Bitwarden's somewhat hidden OTP generator feature. Nice to see they finally made a standalone app. Now I'm gonna find out if both are integrated... (I really hope so)
I'd like to see them add support for including attachments in your Bitwarden exports before I go putting any more critical data into their ecosystem.

It has been a feature request for close to 6 years now: https://community.bitwarden.com/t/allow-attachments-to-be-exported-when-using-export-data/835
I was a LastPass client, then they got hacked and I moved to Bitwarden. I feel better with their app integration and it feels good.

Yet I wouldn't use their 2FA app, just because if they get hacked at some point I don't want passwords and 2FA stored with the same company.

Doing great with Authy on that front.
Does this have lock in like Authy, where it’s not possible to export the codes? Does it not work on desktop since the page says iOS and Android? And isn’t it a bad idea to use both the password manager and Authenticator from the same company?
The "An Error Occurred" database corruptions last year convinced me I can't trust Bitwarden any more.

Any suggestions for something I can host at home? It needs Mac, Linux and iOS clients and (unlike Bitwarden) must gracefully handle the server being unavailable.
I had exported my tokens out of Authy when they had killed the desktop version, and imported them into KeePassXC.

I find KeePassXC, which I use for managing passwords and now TOTP, to be the best option for me.

I still use Authy on mobile, but having an offline backup is great.
TOTP is bad. TOTP is phishable. Stop using or promoting TOTP.

We have modern authentication called WebAuthn, supported by Bitwarden proper as well as physical security keys and iOS's native password manager. Use it.
Funny this pops up today; I've finished migrating from KeePassXC to a self-hosted Vaultwarden. The official Bitwarden apps and browser extension are super well made, so good so far with the switch.
Bitwarden app itself already integrates two-factor authentication code support.

I use the app on both PC (Chromium extension) and phone, and I'm happy about it.
Okay. So? HOTP and TOTP are so trivial to implement, you can even use a C64[0] as your 2FA device. Here's my anti-FAQ[1] to their FAQ:

---

### TOTP ANTI-FAQ

1. Want a guide to implementing time-based passwords in your app? Here you go: https://www.freecodecamp.org/news/how-time-based-one-time-passwords-work-and-why-you-should-use-them-in-your-app-fdd2b9ed43c3/

2. What was that? You want to do it in TypeScript? Okay, here you go: https://www.npmjs.com/search?q=totp

3. Want to do it in Python? Unfortunately, you only have 275 choices: https://pypi.org/search/?q=totp&o=-created

4. How about on an Arduino? https://github.com/lucadentella/TOTP-Arduino

5. Fuck it, we'll do it ~~live~~ in Emacs! https://www.masteringemacs.org/article/securely-generating-totp-tokens-emacs

Y'all get the point by now, I'm sure.

---

[0]: https://www.gadgetany.com/news/now-the-commodore-64-is-a-two-factor-authentication-device/

[1]: "Anti"-FAQ, because I'd like to discourage people from wasting brain cycles on thinking that a time-based authenticator app is something worth announcing.
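To back the point that HOTP and TOTP are small enough to write yourself, here is an added example (not code from the comment above, nor from any of the projects it links) of both algorithms in plain Python standard library: RFC 4226 HOTP, RFC 6238 TOTP, a server-side verifier with a skew window and constant-time comparison, and a parser for the otpauth:// key-URI format that authenticator apps use for import and export (the format the earlier comments about Aegis exports and Authy lock-in are concerned with). The test secret is the shared ASCII key from the RFCs; the sample otpauth URI and the helper names (`verify_totp`, `parse_otpauth_uri`, `code_from_uri`) are constructed for this example.

```python
"""HOTP (RFC 4226) and TOTP (RFC 6238) in pure Python.

Added example, not from the comment above or from any linked project.
Only the standard library is used; SAMPLE_URI below is a constructed entry.
"""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional
from urllib.parse import parse_qs, unquote, urlparse

HASHES = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm: str = "SHA1") -> str:
    """RFC 4226: HMAC over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, HASHES[algorithm]).digest()
    offset = digest[-1] & 0x0F                                   # low nibble picks the 4-byte window
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF  # drop the sign bit
    return str(binary % (10 ** digits)).zfill(digits)            # keep leading zeros


def totp(secret: bytes, for_time: Optional[float] = None, period: int = 30,
         digits: int = 6, algorithm: str = "SHA1", t0: int = 0) -> str:
    """RFC 6238: HOTP with counter = floor((T - T0) / period)."""
    if for_time is None:
        for_time = time.time()
    counter = int((for_time - t0) // period)
    return hotp(secret, counter, digits, algorithm)


def verify_totp(secret: bytes, code: str, for_time: Optional[float] = None, window: int = 1,
                period: int = 30, digits: int = 6, algorithm: str = "SHA1") -> bool:
    """Server-side check: accept the current step and +/- `window` neighbours for clock skew.

    Uses a constant-time comparison so the check does not leak how many digits matched.
    A real verifier must also remember the last accepted counter and reject a replay of it.
    """
    if for_time is None:
        for_time = time.time()
    counter = int(for_time // period)
    for c in range(counter - window, counter + window + 1):
        if c < 0:                                                # no negative counters before T0
            continue
        if hmac.compare_digest(hotp(secret, c, digits, algorithm), code):
            return True
    return False


def decode_base32_secret(text: str) -> bytes:
    """Key URIs carry the secret base32-encoded, usually unpadded and sometimes with spaces."""
    clean = text.replace(" ", "").upper()
    clean += "=" * (-len(clean) % 8)                             # restore padding to a multiple of 8
    return base64.b32decode(clean)


def parse_otpauth_uri(uri: str) -> dict:
    """Parse the otpauth://totp/... key-URI format used for authenticator import/export."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc not in ("totp", "hotp"):
        raise ValueError("not an otpauth totp/hotp URI")
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    algorithm = params.get("algorithm", "SHA1").upper()
    if algorithm not in HASHES:
        raise ValueError(f"unsupported algorithm {algorithm}")
    return {
        "type": parts.netloc,
        "label": unquote(parts.path.lstrip("/")),
        "issuer": params.get("issuer"),
        "secret": decode_base32_secret(params["secret"]),
        "digits": int(params.get("digits", 6)),
        "period": int(params.get("period", 30)),
        "algorithm": algorithm,
    }


def code_from_uri(uri: str, for_time: Optional[float] = None) -> str:
    """Current TOTP for one exported entry."""
    e = parse_otpauth_uri(uri)
    return totp(e["secret"], for_time, e["period"], e["digits"], e["algorithm"])


# Constructed sample entry; JBSWY3DPEHPK3PXP is the widely used demo secret ("Hello!" + 4 bytes).
SAMPLE_URI = ("otpauth://totp/Example:alice%40example.com"
              "?secret=JBSWY3DPEHPK3PXP&issuer=Example&digits=6&period=30")

if __name__ == "__main__":
    rfc_secret = b"12345678901234567890"                         # shared test key from RFC 4226/6238
    print("HOTP counter 0:", hotp(rfc_secret, 0))                # 755224 (RFC 4226 Appendix D)
    print("TOTP at T=59, 8 digits:", totp(rfc_secret, 59, digits=8))  # 94287082 (RFC 6238)
    print("Code for sample URI now:", code_from_uri(SAMPLE_URI))
```

The skew `window` is the usual trade-off: each extra step accepted widens the set of valid codes at any instant, so keep it at one step and pair it with replay tracking of the last accepted counter. Note that none of this helps against the phishing case raised elsewhere in the thread: a code handed to a proxy site is just as valid as one typed into the real one.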
So I've been a happy Bitwarden subscriber since about 2020. I originally picked it because it seemed like a good compromise between open source options like KeePassXC and something less trustworthy like 1Password.

I haven't really been paying much attention to Bitwarden lately, but I've heard they've taken VC/got bought out or something. So for those more in the know, is it time to start migrating? Or does Bitwarden still seem like it's on a good path?