I don’t need a separate authenticator app except for one reason. But first, I love how Bitwarden integrates 2FA codes and attachments into the same login file, which products like LastPass don’t. There is only one issue with this: Bitwarden’s own 2FA. If I can’t get into Bitwarden to access the Bitwarden 2FA, this is a big problem. So, I’m forced to keep a separate authenticator app, as well. Google Auth is fine, free, can now be locked with Face ID, and can now generate an export QR code which is very handy. LastPass Auth app was good as it did backups right to your account. If Bitwarden had a way to expose only its own 2FA to the person signing in from the device (via biometrics, for example) before it let you into the vault, this would remove the need for a separate authenticator app for me. Difficult to conceptually accomplish, I imagine.
Hey @222 thanks for the feedback, I personally keep Raivo OTP on my device for this purpose, great little project on Github.
Thanks for the tip, @bw-admin! I will check it out.
Okay, this is actually a powerful, secure authenticator! And it’s open source! Many thanks! Sharing the link for others to check out: https://raivo-otp.com/
Yup, we’ve had them on some of our live community events, great seed export functionality too.
Looks good, although wish there was a windows computer app
Yes, the encrypted key export is great. Apple iCloud sync is great (would love Google, too). But, the bleeding edge feature for an Authenticator is the tap on phone and you can immediately paste in your Mac. Can’t beat that little trick! Great find! Thanks!
Love that one too, saves a lot of time
From my point of view TOTP should just be one of the 2FA-methods you implemented for your Bitwarden account. This way you can get in even if - for whatever reason - one of those methods does not work anymore. Otherwise it is like a lock to which you only have a single key.
Great advice @Peter_H, I also have webauth enabled for accessing the web vault via iOS, and a couple hardware keys.
Isn’t this already the case? At least it is for ios.
https://2fas.com/ is a great option. It’s open source, cross platform and has great support.
They also have a clever browser extension that will send a challenge to the app on your phone asking you to approve a login, upon approving it will send the otp code back to the extension that will then paste it into the browser. It’s makes the experience close to that of having Duo on all of your sites with totp.