I’m looking for some feedback from users that have tried both the new Bitwarden Authenticator app and Authy for TOTP 2FA.
What are the pros and cons of each? Features? Backups? Stability?
Authy is generally not recommended because:
Interesting points. I was aware that Authy recently discontinued desktop support and their recent breach.
Perhaps, Bitwarden documentation needs to be updated to reflect any new opinions since I was considering Authy primarily due to their mention in the Bitwarden help documents. @bw-admin
Are there any other features that make Bitwarden Authenticator superior to Authy? How does it compare in terms of compartmentalization, for example - if/when BW servers are breached, is the BW Authenticator data stored on a separate server/location to BW Password Manager?
This is from their official Help Center: Export or Import Tokens in the Authy app Not Supported.
I’m fairly sure that Bitwarden Authenticator only stores your data on your local device (although I believe that you have an option to back up your data to a Google drive).
I will look more into it. If BW Authenticator offers that in addition to backing up to iCloud (for Apple devices, of course) then I can see myself using it over Authy. I really liked the way Authy propagated backups between all your various devices and your desktop client when they supported it.
I just checked the Authy app and can confirm that there is only one form of seed backup (iCloud) and it does NOT allow vault import or export. I feel Bitwarden help documentation should really consider removing Authy recommendation. @grb
Any info on this available? Thank you.
Bringing this to your attention, thank you @go12 @kspearrin
This is covered in the Help Center FAQ:
Q: How is my data stored and protected?
A: Your authentication keys (sometimes referred to as “secret keys” or “TOTP seeds”) and all associated metadata are stored in a local database on your device. This data is not synced to Bitwarden servers. A backup of your data is made by your device’s cloud backup system, for example by iCloud or Google One. To protect the data in your app, you can also setup biometric login.
I feel Bitwarden help documentation should really consider removing Authy recommendation.
I would suggest going to the Help Center documentation pages in question, scrolling down to the bottom of the page, and clicking the “Make a suggestion to this page” link:
I’m sure I’ll feel more comfortable having a 2FA with the owners of Bitwarden if that is possible.
@Alsuwaidi Welcome to the forum!
You can download Bitwarden’s free 2FA Authenticator app for either iOS devices or Android devices (click the links).
Thank you @grb, this is exactly the information I was looking for! Currently making the switch from Authy to BW Authenticator.
I will go ahead and use the “Make a suggestion to this page” feature going forward! You’ve been a huge help.
Does Authenticator sync accounts between Android and iOS or are they separate? It’s a deal breaker for me if it doesn’t.
Does Authenticator sync accounts
Currently, the Authenticator works only on your local device, with no syncing whatsoever. However, according to the published development roadmap, implementation of syncing functionality is on the agenda for near-term development.
Are Bitwarden Authenticator data and TOTP seeds stored in an encrypted format on the device?
I have made the switch to BW Authenticator, for anyone interested I was also considering:
2FA Authenticator (2FAS)
OTP Auth
FreeOTP Authenticator
The documentation is not explicit on this point, but it wouldn’t make sense if seeds were not encrypted. And indeed, the source code reveals that AES-GCM is used for encryption:
import CryptoKit
import Foundation

// MARK: - CryptographyService

/// A protocol for a `CryptographyService` which manages encrypting and decrypting `AuthenticationItem` objects
///
protocol CryptographyService {
    func encrypt(_ authenticatorItemView: AuthenticatorItemView) async throws -> AuthenticatorItem

    func decrypt(_ authenticatorItem: AuthenticatorItem) async throws -> AuthenticatorItemView
}

class DefaultCryptographyService: CryptographyService {
    // MARK: Properties

    /// A service to get the encryption secret key
    ///
    let cryptographyKeyService: CryptographyKeyService

This file has been truncated.
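An added example, not part of the thread and not Bitwarden's code: what AES-GCM encryption of a TOTP seed at rest looks like with CryptoKit, and what it does and does not protect. `SeedVault`, `itemID` and the sample seed are hypothetical, and binding the item ID as associated data is this example's own choice, not something the excerpt above shows.

```swift
import CryptoKit
import Foundation

// Hypothetical helper for illustration; names are not from the Bitwarden source.
enum SeedVault {
    struct EncodingError: Error {}

    /// Encrypts a TOTP seed with AES-256-GCM. A fresh random 12-byte nonce is
    /// generated on every call. `itemID` is bound as associated data, so a blob
    /// copied onto a different record fails authentication when opened.
    static func seal(seed: String, itemID: String, key: SymmetricKey) throws -> Data {
        let box = try AES.GCM.seal(Data(seed.utf8), using: key,
                                   authenticating: Data(itemID.utf8))
        // combined = nonce || ciphertext || 16-byte tag
        guard let blob = box.combined else { throw EncodingError() }
        return blob
    }

    /// Decrypts a stored blob. Throws if the key, the item ID or any byte of
    /// the blob differs from what was sealed.
    static func open(blob: Data, itemID: String, key: SymmetricKey) throws -> String {
        let box = try AES.GCM.SealedBox(combined: blob)
        let plain = try AES.GCM.open(box, using: key,
                                     authenticating: Data(itemID.utf8))
        return String(decoding: plain, as: UTF8.self)
    }
}

// Constructed sample data: a well-known Base32 test seed, not a real account.
// The key is generated in memory here; the excerpt above obtains it from a
// CryptographyKeyService. Encryption at rest only helps if that key is stored
// apart from the database it protects.
let key = SymmetricKey(size: .bits256)
let blob = try SeedVault.seal(seed: "JBSWY3DPEHPK3PXP", itemID: "item-1", key: key)
print("round trip:", try SeedVault.open(blob: blob, itemID: "item-1", key: key))

// Flip one bit of the stored blob: GCM authentication rejects it.
var tampered = blob
tampered[tampered.endIndex - 1] ^= 0x01
do {
    _ = try SeedVault.open(blob: tampered, itemID: "item-1", key: key)
    print("tampered blob accepted")
} catch {
    print("tampered blob rejected:", error)
}

// Move the blob to another record: the associated-data check rejects it.
do {
    _ = try SeedVault.open(blob: blob, itemID: "item-2", key: key)
    print("swapped blob accepted")
} catch {
    print("swapped blob rejected:", error)
}
```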
Welcome to the forums @Alsuwaidi I hope you’re enjoying your time here thus far!
I actually wasn’t aware of the recent data breach. Thanks for informing us!