I currently use TOTP for 2FA in Bitwarden, which works fine, but I only use it once and have it remembered the rest of the time because it’s annoying to enter the code every time, which is not the optimal setup for 2FA.
Instead, I would like to propose another 2FA provider: The Bitwarden mobile app.
Workflow:
- Add a new authorized device in your 2FA providers
- Log in to your web vault/plugin/desktop application
- Be prompted to tap your fingerprint sensor or enter your PIN (see below)
- Send push notification to your “authorized device”, for example your phone
- Be prompted to tap your fingerprint sensor or enter your PIN after tapping the push notification
- Once authorized on your phone, the login on the other device will continue
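To make the proposed flow concrete, here is an added example (not Bitwarden code, and not part of the original post) that simulates the six steps above with one server, one authorized phone and one login attempt from another client. Everything in it is an assumption about how such a feature could be built: a per-device secret provisioned at enrolment, the push carrying a challenge id plus a description of the client that is trying to log in, and the phone answering with an HMAC over both only after the local fingerprint/PIN unlock. The server checks expiry, rejects a second use of the same approval, and rejects an approval whose client description was altered, which is what stops a stale or replayed push approval from finishing a login it was not meant for.

```python
import hashlib
import hmac
import secrets
import time

# Assumed lifetime of a pending approval; a real service would pick its own value.
CHALLENGE_TTL = 60


def approval_message(challenge_id, client):
    # What the phone signs: the challenge id and the client shown in the push,
    # so an approval cannot be reused for a different login.
    return f"approve:{challenge_id}:{client}".encode()


class VaultServer:
    def __init__(self):
        self.devices = {}   # device_id -> per-device secret registered in 2FA settings
        self.pending = {}   # challenge_id -> pending login record

    def register_device(self, device_id):
        # Step 1: "Add a new authorized device". The secret is provisioned to the
        # phone once at enrolment (assumed mechanism, not described in the post).
        secret = secrets.token_bytes(32)
        self.devices[device_id] = secret
        return secret

    def start_login(self, user, client, now=None):
        # Step 2: password login succeeded; instead of asking for a TOTP code the
        # server records a pending challenge and sends its id in a push notification.
        now = time.time() if now is None else now
        challenge_id = secrets.token_hex(16)
        self.pending[challenge_id] = {"user": user, "client": client,
                                      "created": now, "approved": False}
        return challenge_id  # constructed push payload

    def approve(self, challenge_id, device_id, tag, now=None):
        # Step 5: the phone's answer. Reject unknown, expired or already-used
        # challenges, unknown devices, and tags that do not match the client
        # description the server is actually logging in.
        now = time.time() if now is None else now
        rec = self.pending.get(challenge_id)
        if rec is None or rec["approved"]:
            return False
        if now - rec["created"] > CHALLENGE_TTL:
            del self.pending[challenge_id]
            return False
        secret = self.devices.get(device_id)
        if secret is None:
            return False
        expected = hmac.new(secret, approval_message(challenge_id, rec["client"]),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False
        rec["approved"] = True
        return True

    def login_can_continue(self, challenge_id):
        # Step 6: the waiting client polls this and proceeds once approved.
        rec = self.pending.get(challenge_id)
        return bool(rec and rec["approved"])


class Phone:
    def __init__(self, device_id, secret):
        self.device_id = device_id
        self.secret = secret

    def handle_push(self, challenge_id, client, local_unlock_ok):
        # Steps 3-4: the push arrives, the user is asked for fingerprint/PIN
        # (simulated by local_unlock_ok); only then is the approval produced.
        if not local_unlock_ok:
            return None
        return hmac.new(self.secret, approval_message(challenge_id, client),
                        hashlib.sha256).digest()


def demo(local_unlock_ok=True, delay=0):
    # End-to-end run with constructed names; delay models a push answered late.
    server = VaultServer()
    phone = Phone("phone-1", server.register_device("phone-1"))
    t0 = 1_700_000_000
    cid = server.start_login("alice", "browser-extension", now=t0)
    tag = phone.handle_push(cid, "browser-extension", local_unlock_ok)
    if tag is None:
        return False
    server.approve(cid, "phone-1", tag, now=t0 + delay)
    return server.login_can_continue(cid)


if __name__ == "__main__":
    print("approved:", demo())                       # True
    print("declined on phone:", demo(False))         # False
    print("answered too late:", demo(delay=120))     # False
```

Running the module shows the three outcomes a user would actually see: a tap that completes the login, a declined or unanswered prompt that leaves the other device waiting, and a push answered after the window closed, which has to be rejected rather than silently honoured.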
Example:
Tapping your finger on your phone is a lot quicker than entering a 6-digit code every time you want to log in, which would also remove the need to remember 2FA for this device for lazy people like me.
In theory any device could be the authorized device. So you could use your desktop application to authorize your phone, or your plugin to authorize your desktop application, depending on how it is implemented. I think mobile app to desktop/plugin would be the most used combination though.