Separate password for access to the integrated authenticator (2FA TOTP codes / Authenticator Keys)

Separate Password for 2FA

  • I really like the idea of keeping my passwords and my 2FA codes in one place (Bitwarden)
  • Sadly that kinda compromises the purpose of 2FA
  • Therefore I’d like to be able to set a separate password, which I have to fill out before I can access a 2FA verification code

Feature function

  • Allow users to set up a separate and unique password for 2FA verification codes/TOTP
  • Bitwarden will ask the user for this password whenever the user tries to copy a 2FA code
  • This way Bitwarden can be used to store both the login data as well as the TOTP data without compromising security too much

What do you guys think?

If this is that important, to me it looks like it’s better to use a separate solution for your 2FA codes?

3 Likes

Yep I do agree in a way - at least regarding the added security of 2FA.
I do just personally really like the idea of having everything in one place, which is my reason to suggest this kind of “midway solution” 🙂

I do get your point though!

1 Like

I wouldn’t place my 2FA into Bitwarden without this feature. Use of 2FA inside of Bitwarden should be protected by a separate password – and Bitwarden should encourage its use from a different device. In other words, when on your PC and trying to log into a website, you should use your Bitwarden browser extension to fill in the password, then use the Bitwarden on your phone to get the TOTP code! That way, if there is a keylogger on your PC, the worst they can do is get into your Bitwarden password vault, but not the 2FA. (Yes, this requires some discipline on the user’s part, but Bitwarden could strongly suggest this method within its interface somehow. At least provide a warning of some kind, because users, including myself, never think of these things!)
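To make the two ideas in this thread concrete (the original request for a second password in front of the TOTP codes, and the keylogger scenario in the post above), here is an added toy model in stdlib Python. It is a constructed illustration written for this thread, not Bitwarden’s code or a description of how Bitwarden actually stores anything. Login passwords are wrapped under a key derived from the master password; TOTP seeds are wrapped under a key derived from a separate “authenticator” password that is re-derived every time a code is requested, so someone who captured only the master password cannot read the seeds. Assumptions: the site name, passwords and salts are made up; the TOTP seed is the RFC 6238 reference secret in base32; the HMAC-SHA256 counter-mode keystream plus HMAC tag stands in for a real AEAD cipher; and the PBKDF2 iteration count is kept low so the demo runs quickly.

```python
"""Toy vault: logins behind the master password, TOTP seeds behind a second one.

Constructed demonstration for this feature request, not Bitwarden's design.
"""
import base64
import hashlib
import hmac
import os
import struct
import time

KDF_ITERATIONS = 100_000   # low for the demo; a real vault uses far more or a memory-hard KDF
NONCE_LEN, TAG_LEN = 16, 32


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch a password into a 32-byte key; each password gets its own salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               KDF_ITERATIONS, dklen=32)


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and authentication keys derived from one KDF output.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a PRF-based stream cipher (demo stand-in for AEAD).
    blocks = [hmac.new(enc_key, nonce + struct.pack(">Q", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def wrap_secret(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unwrap_secret(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key or tampered blob raises."""
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or corrupted vault entry")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def totp(secret_b32: str, at_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for a base32 seed at a given Unix time."""
    seed = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    mac = hmac.new(seed, struct.pack(">Q", at_time // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Vault:
    """Only the master key stays in memory; the authenticator key is never cached."""

    def __init__(self, master_password: str):
        self.master_salt, self.auth_salt = os.urandom(16), os.urandom(16)
        self._master_key = derive_key(master_password, self.master_salt)
        self._items = {}

    def add_item(self, name: str, password: str, totp_seed_b32: str,
                 authenticator_password: str) -> None:
        auth_key = derive_key(authenticator_password, self.auth_salt)
        self._items[name] = {
            "password": wrap_secret(self._master_key, password.encode()),
            "totp_seed": wrap_secret(auth_key, totp_seed_b32.encode()),
        }

    def get_password(self, name: str) -> str:
        return unwrap_secret(self._master_key, self._items[name]["password"]).decode()

    def get_totp_code(self, name: str, authenticator_password: str, at_time=None) -> str:
        # The requested behaviour: copying a code means typing the second password.
        auth_key = derive_key(authenticator_password, self.auth_salt)
        seed = unwrap_secret(auth_key, self._items[name]["totp_seed"]).decode()
        return totp(seed, int(time.time()) if at_time is None else at_time)

    def master_key_can_read_seed(self, name: str) -> bool:
        # Keylogger scenario: an attacker who holds only the master key.
        try:
            unwrap_secret(self._master_key, self._items[name]["totp_seed"])
            return True
        except ValueError:
            return False


def demo() -> dict:
    """Constructed sample data; the seed is the RFC 6238 reference secret in base32."""
    vault = Vault("correct horse battery staple")
    vault.add_item("example.com", "hunter2", "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ", "second-password")
    try:
        vault.get_totp_code("example.com", "wrong-password", 59)
        wrong_pw_rejected = False
    except ValueError:
        wrong_pw_rejected = True
    return {
        "password": vault.get_password("example.com"),
        "code_at_t59": vault.get_totp_code("example.com", "second-password", 59),
        "wrong_pw_rejected": wrong_pw_rejected,
        "master_key_reads_seed": vault.master_key_can_read_seed("example.com"),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the split is visible in `demo()`: the master key alone unwraps the login password but fails the tag check on the TOTP seed, while the correct second password produces the RFC 6238 reference code for T=59. Holding the authenticator key only for the duration of one lookup is what makes the second prompt meaningful; caching it after the first use would collapse back to a single factor.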

Sidenote: I changed the title of this Feature Request from “Separate Password for 2FA (Verification Codes/TOTP/Authenticator Keys)” to “Separate password for access to the integrated authenticator (2FA TOTP codes / Authenticator Keys)”.