This isn't intended as a "Which is better?" question, but as a "pros and cons" question. I'm pretty sure "which is better?" has a personal answer. But the pros and cons are a bit more objective.

To my knowledge there are only two important password managers on the market today that use a locally-stored secret key to authenticate specific devices: 1Password and RememBear. And sadly, RememBear seems to be in the autumn of its life. (The price has gone up and as far as I can tell, development has ceased.) So as a practical matter, 1Password has the secret key approach to itself.

I'm fond of 1Password's secret key approach. I understand that it is not technically "2FA", but as a practical matter, it has a similar practical result. Even if (Heaven forfend!) someone on the other side of the world knows my login email and my master password, without also having my secret key, they can't get into my account. And once I've authorized a device by providing my secret key, I don't get nagged any more for a TOTP code and don't need to insert a YubiKey. I may have to worry about losing my devices and also the emergency backup document on which I've recorded my secret key, but at least I don't have to worry about getting locked out of my 2FA method, say, because I lost my phone or my hardware key.

When I launch Bitwarden on any device, after providing my credentials, I'm asked occasionally (not clear to me how often) to provide a 2FA TOTP from Authy. I have Authy on my phone as well as the other devices. All of this is good.

But here's my question: In what way is the approach taken by, say, LastPass, NordPass or Bitwarden any less secure? Please assume that the LastPass or NordPass or Bitwarden account is protected by 2FA from something like Authy.
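To make the "secret key" property concrete, here is an added, simplified model of a two-secret key derivation. It is example code written for this page, not 1Password's or RememBear's actual implementation, and it assumes a constructed salt, a constructed 128-bit device secret key and a deliberately low PBKDF2 iteration count. The point it demonstrates is the one the post makes: a correct master password alone, without the locally stored secret key, yields the wrong vault key, so a leaked password (or a leaked server-side verifier) is not enough to unlock the account.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (not real account data): a fixed salt and a fixed
# device secret key so the results below are reproducible.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
SECRET_KEY = bytes.fromhex("a1b2c3d4e5f60718293a4b5c6d7e8f90")
ITERATIONS = 20_000  # kept low for the demo; real deployments use far more


def generate_secret_key() -> bytes:
    """A fresh 128-bit secret key, generated on the device and never sent to the server."""
    return secrets.token_bytes(16)


def derive_password_only_key(master_password: str, salt: bytes = SALT,
                             iterations: int = ITERATIONS) -> bytes:
    """Single-secret scheme: the vault key depends on the password alone.

    Whoever learns (or guesses) the password can derive this key offline."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def derive_vault_key(master_password: str, secret_key: bytes, salt: bytes = SALT,
                     iterations: int = ITERATIONS) -> bytes:
    """Two-secret scheme: the vault key depends on BOTH the password and the secret key.

    The password goes through a slow KDF (PBKDF2) so guessing it is expensive;
    the high-entropy secret key is then mixed in with HMAC, so a correct
    password with the wrong (or no) secret key produces a different key."""
    pw_key = derive_password_only_key(master_password, salt, iterations)
    return hmac.new(secret_key, pw_key, hashlib.sha256).digest()


def make_verifier(vault_key: bytes) -> bytes:
    """What a server might store to check an unlock attempt: a hash derived
    from the vault key, never the key itself."""
    return hashlib.sha256(b"verifier:" + vault_key).digest()


def try_unlock(master_password: str, secret_key: bytes, verifier: bytes) -> bool:
    """Recompute the verifier from the supplied factors and compare in constant time."""
    candidate = make_verifier(derive_vault_key(master_password, secret_key))
    return hmac.compare_digest(candidate, verifier)


if __name__ == "__main__":
    password = "correct horse battery staple"  # constructed example password
    verifier = make_verifier(derive_vault_key(password, SECRET_KEY))
    # Right password + the device's secret key: unlocks.
    print(try_unlock(password, SECRET_KEY, verifier))
    # Right password but no secret key (e.g. a new, unauthorized device): fails.
    print(try_unlock(password, b"\x00" * 16, verifier))
    # Wrong password with the right secret key: fails too.
    print(try_unlock("wrong password", SECRET_KEY, verifier))
```

The design choice worth noticing is where the entropy lives: the PBKDF2 step only slows down guessing of a human-chosen password, while the HMAC step adds 128 bits of machine-generated entropy that is never transmitted. That is why authorizing a device once (by entering the secret key) can replace a per-login TOTP prompt, and also why losing every copy of the secret key means losing the account.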