Reminder for Bitwarden users: Starting in February, users without two-step login (2FA) enabled will need to enter a verification code sent to their email when logging in from an unrecognized device
-
[email protected] replied to [email protected]
OK, sorry for answering what appeared to be a genuine question.
-
[email protected] replied to [email protected]
Nah you hit the nail on the head. I 100% agree with you. Sorry if I came off brash.
-
[email protected] replied to [email protected]
Yep, so you have to "switch user" after that on computer and mobile, where your old email is remembered.
-
[email protected] replied to [email protected]
From the Wikipedia link you posted:
"Account recovery typically bypasses mobile-phone two-factor authentication"
It also lists more advantages than disadvantages.
-
[email protected] replied to [email protected]
Yes, that's the whole point, to recover your account if you lose your MFA device. What are you even trying to say?
-
[email protected] replied to [email protected]
@ForgottenFlux I lost one of my pair of hardware keys last week. Waiting for replacement to arrive - #Bitwarden will be the first thing I register it into
-
[email protected] replied to [email protected]
Sweet! As long as I don't lose access, I'm good. I've been trying to do that for a while, since I lost access to my old email (my own stupid fault), but couldn't figure out how to do it on the app... because you can't, haha. I'll have to try that through the webapp! Thanks!
-
[email protected] replied to [email protected]
My problem with this is my email accounts are locked behind Bitwarden. Can't log in to email without Bitwarden. If both my devices get stolen at the same time I'm fucked. I'm not going to pay for premium to enable an emergency contact.
Downloaded Bitwarden's authenticator app. Now Firefox on my computer is asking for me to press on a security key, which I assume is some sort of biometrics my computer doesn't have.
I love 2FA, I just don't see how it is supposed to work if you need Bitwarden to open your email to get your 2FA code.
Let's say you're backpacking through South America and both your devices get robbed. Your ticket home is in your email. What's the solution here? You can't go to a coffee shop and log in to your email because it's securely locked behind Bitwarden. You can't log in to Bitwarden because you can't access your 2FA from your email.
What am I missing?
-
[email protected] replied to [email protected]
Use something else for 2FA, not email. I used to use KeePass for 2FA on my laptop and phone, but now I'm using Ente Auth. It's convenient because I can log in to Ente Auth anywhere and get a code, but the only thing is you'll need to remember 2 passwords, which is worth it imo.
-
[email protected] replied to [email protected]
I remember two passwords. My email and my password manager. Oh, and one of my banks.
Locking the key in the vault, or the backup vault, didn't make sense to me. It also made sense for me to have access to one bank even if I lose both "vaults".
-
[email protected] replied to [email protected]
My email pass is over 25 more or less random characters that I change about once a year. That's why I use Bitwarden!
-
[email protected] replied to [email protected]
So I need a 2FA application? Just seems a little ridiculous as that is what I use email for. So my bw pass is well over 25 chars and I need to have another app that requires an equally strong pass. Just seems a little overkill! Especially changing passwords every year.
-
[email protected] replied to [email protected]
Shit no.
-
[email protected] replied to [email protected]
"yes, that's the whole point, to recover your account if you lose your MFA device. what are you even trying to say?"
If you can log in without the second factor then what's the point?
-
[email protected] replied to [email protected]
This is why I turned on 2FA with Aegis as soon as I heard this news. I set them up with two passwords I remember well, and have biometrics set on both apps so fingerprint is all I'll need 9/10 times.
-
[email protected] replied to [email protected]
Find a new single point of failure?
-
[email protected] replied to [email protected]
On my home PC. Same with the 2FA export of Aegis.
"What if you can't access blah"
There's a limit to interoperability; if you want access to everything everywhere even when you lose access for whatever reason, you will have to concede security.
You could save a KeePass file with secure notes of both the Bitwarden 2FA and recovery codes and save it in drive or whatever; you don't need passwords nowadays to access the Google account.
"But what if I lose access to my phone?"
Well, you are fucked, what else do you want? I guess you could print the recovery keys and store them in a secured box at home.
-
[email protected] replied to [email protected]
You provided a situation where your phone was robbed and you didn't plan for it so you didn't print the relevant information.
So... Prepare ahead? Go to a relevant office with identification to get access to the relevant tickets again?
"What can I do if all the tools at my disposal to get the relevant information are stolen?" You get fucked. Idk what else to tell you.
-
[email protected] replied to [email protected]
You can also register an MFA app and lock recovery codes in your PC.
This has been announced with enough time; you still have time to download another app like Aegis or whatever. This is only for new logins, however; you will still have access to Bitwarden wherever you are already logged on.
-
[email protected] replied to [email protected]
I did it years ago when they sent me an email suggesting to do exactly that.