Reminder for Bitwarden users: Starting in February, users without two-step login (2FA) enabled will need to enter a verification code sent to their email when logging in from an unrecognized device
-
[email protected] replied to [email protected]
I rebuild my OS sometimes three times a year.
-
[email protected] replied to [email protected]
The other option for traveling that might be better is to use Keepass with the file stored on your phone, that way no internet is needed and there's no chance of lockout from your password DB.
-
[email protected] replied to [email protected]
I have another 2FA app (Aegis) with the same keys added for my email and any other critical stuff.
-
[email protected] replied to [email protected]
I'd say the title would be more precise like "starting February, 2FA will be required for all users" as the email is also a form of 2FA.
I think it's good, especially when done on the device level, making it that I don't have to use the 2FA part every single time I log in, it's a good balance between security and usability.
-
[email protected] replied to [email protected]
Choosing to force users to memorize a recovery code
now who's being purposefully obtuse.
-
[email protected] replied to [email protected]
Fuck Bitwarden.
They gave 3 days of notice. Absolute shitshow.
Use Keepass, minimize your reliance on cloud. The "cloud" is just someone else's computer.
-
[email protected] replied to [email protected]
Insanity is doing such a drastic change on less than 3 days notice, a change that could potentially lock out people that aren't very tech savvy, and only found Bitwarden by a techy friend's recommendation, or just happened to see it on their phone's app store.
Absolute Shitshow
3 days notice lmfao, Fuck Bitwarden
Keepass all the way!
-
[email protected] replied to [email protected]
I self host Bitwarden (aka Vaultwarden) and recommend that to anyone who is comfortable hosting a container. For everyone else I still think Bitwarden cloud is the best most trustworthy free cloud credential manager.
KeePass rules though, I used it for years. I no longer recommend it mostly due to the difficulty of securely syncing the database which generally forces people to rely on a cloud provider anyway.
-
[email protected] replied to [email protected]
I've had a good experience self hosting Bitwarden (using Vaultwarden). I've printed off some instructions for my wife or family to gain access in case something happens to me. I haven't done this yet but I also want to occasionally export my vault to an encrypted USB to keep alongside things like passports and birth certificates.
Those might be good options for you too considering the risks you've outlined.
-
[email protected] replied to [email protected]
Bitwarden caches passwords locally so if your self hosted instance goes down or is inaccessible you can still access those cached credentials and OTP codes.
I tested this thoroughly and was very nervous that a server outage at home would lock me out of the credentials I need in order to fix it. It's been good enough for me to get by until I can fix whatever is broken.
-
[email protected] replied to [email protected]
Yeah that's true. I just have worries that the app might do something weird and require a log in and re-sync.
-
[email protected] replied to [email protected]
Yeah it's worth considering risks. If I lose access to my credentials it would be a ridiculous amount of work to recover, probably losing access to some things forever.