this post was submitted on 01 May 2024
512 points (97.4% liked)

Technology

58143 readers
5171 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
512
Bitwarden has launched a new authenticator app (bitwarden.com)
submitted 4 months ago by ForgottenFlux@lemmy.world to c/technology@lemmy.world
170 comments fedilink hide all child comments
 

Bitwarden Authenticator is a standalone app that is available for everyone, even non-Bitwarden customers.

In its current release, Bitwarden Authenticator generates time-based one-time passwords (TOTP) for users who want to add an extra layer of 2FA security to their logins.

There is a comprehensive roadmap planned with additional functionality.

Available for iOS and Android

you are viewing a single comment's thread
view the rest of the comments
[–] Coreidan@lemmy.world 7 points 4 months ago (3 children)

Jesus fuck. How many more authentication apps do we need that all do the same thing?

At work I need at least 4-5 different authentication apps because every customer has something different.

We don’t need another.

[–] vividspecter@lemm.ee 28 points 4 months ago (2 children)

You only need one app, as long as the totp is implemented in a standardized way.

[–] 0x0@programming.dev 4 points 4 months ago (3 children)

Microsoft products would like a chat...

[–] Scrollone@feddit.it 5 points 4 months ago (2 children)

I use my Microsoft account with a standard OTP app, you don't need their own app.

[–] rolling_resistance@lemmy.world 3 points 4 months ago (1 children)

Wait until your workplace requires you to only use MS Authenticator push notifications 😭 and HOTP occasionally…

[–] sugar_in_your_tea@sh.itjust.works 1 points 4 months ago

Is that a thing? Usually those have a fallback to a regular TOTP code.

I use Okta for work because we integrate SSO with it everywhere, but I could technically enter a code every time and swap out the Okta app for the other TOTP app I use.

My company is a MS shop, but they use TOTP as the second factor, and even that is optional. My department uses Okta, which is a completely separate system (we're a weird, separate unit entirely from most of the rest of the company).

[–] 0x0@programming.dev 1 points 4 months ago (1 children)

I did too until it kept rejecting my tokens frequently - changing to M$ Authenticator "solved" it.

[–] sugar_in_your_tea@sh.itjust.works 2 points 4 months ago* (last edited 4 months ago)

They must now require HOTP or something now. TOTP doesn't care what machine it's on, whereas HOTP does (well, you could spoof it if you really wanted).

[–] JustARegularNerd@lemmy.world 2 points 4 months ago

They did. DUO was born.

[–] sugar_in_your_tea@sh.itjust.works 2 points 4 months ago

They're probably using HOTP or something else, not TOTP. TOTP is literally just the key + any clock. Or maybe it's the "click button to authenticate" and not the "enter code to authenticate," which might not be HOTP or TOTP, but something else entirely (e.g. Steam's system is neither AFAIK).

If it's TOTP, you just need to get the key and can use any authenticator app.

[–] dave@feddit.uk 14 points 4 months ago (2 children)

4-5 TOTP apps? So far, when, e.g. Microsoft or Google have insisted use of their own Authenticator app is required, it’s worked fine for me using Ente Auth or similar just by entering the code / QR.

[–] sugar_in_your_tea@sh.itjust.works 3 points 4 months ago* (last edited 4 months ago)

Yup, most 2FA is just TOTP, which is a pretty simple, open standard and is hardware independent. All you need is a key (the QR code or the numbers) and access to a reliable time source and you can make a TOTP app on anything.

I use Aegis on my phone and Authenticator on Linux (some GTK app), and they both produce identical codes for the same key.

[–] million@lemmy.world 1 points 4 months ago

This even works with some apps that hide the standard part - like Symantec VIP - it’s possible to extract what they are doing and use a standard TOTP app instead of VIP.

[–] blazeknave@lemmy.world 2 points 4 months ago

Random number generator 2fa?