this post was submitted on 02 Nov 2023
203 points (99.0% liked)

Android

17641 readers
155 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

πŸ”—Universal Link: !android@lemdro.id


πŸ’‘Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.


Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

πŸ’¬Matrix Chat

πŸ’¬Telegram channels / chats

πŸ“°Our communities below


Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

Chat and More


founded 1 year ago
MODERATORS
all 35 comments
sorted by: hot top controversial new old
[–] twistedtxb@lemmy.ca 76 points 1 year ago (4 children)

When LastPass got hacked I switched to bitwarden and never looked back. Simple and effective interface, works on all platforms, I love it!

[–] ijeff@lemdro.id 18 points 1 year ago (3 children)

It's awesome. After using it free for years, I recently became a paid subscriber as a show of support.

[–] ikidd@lemmy.world 11 points 1 year ago (2 children)

$10/yr is not a big price for what you get. I don't think I even use the extra features you get with the subscription, but supporting the maintenance and development of a product I would like to use for years to come is important.

[–] ijeff@lemdro.id 9 points 1 year ago (1 children)

Agreed. I like that the free version works well. The lack of pressure or nagging toward paying is what gets me to want to pay. I usually avoid subscriptions.

[–] ikidd@lemmy.world 5 points 1 year ago

I usually self host but the fact that the option is there and I can use it any time in the future is the main reason i use BW and kick them a bit of money. And not bring nagged or forced to subscribe is a major factor for me as well.

[–] sadreality@kbin.social 4 points 1 year ago

10 bucks per year is a small price to pay to support good business

[–] TheMadnessKing@lemdro.id 2 points 1 year ago

Honestly, I have been thinking of doing the same. I really don't require any of their premium features and am getting it to show my support.

$10/yr is dirt cheap for something so important in our online life.

[–] Nightsoul@lemmy.world 7 points 1 year ago (1 children)

I switched to bitwarden when last pass announced they were changing there free model so you can only use your passwords on browser or mobile but not both. Liked bitwarden way better and immediately did the yearly sub to support them.

[–] nonfuinoncuro@lemm.ee 1 points 1 year ago

Same after dashlane just announced they're limiting the number of passwords you can use on the free account, migrating was painless

[–] Zink@programming.dev 4 points 1 year ago

Same here. Bitwarden has been good to me so far!

Their desktop app isn’t as nice as LastPass, but I’ll put up with a minor inconvenience to keep my passwords secure.

[–] smileyhead@discuss.tchncs.de 18 points 1 year ago* (last edited 1 year ago) (2 children)

How is Bitwarden having all the actually needed things for free, still developing, be most open and community-friendly of cloud-synced managers, allow self-hosting everything for free and still cost just 10$/year for managed premium???

I bought premium just for the 2FA codes support and recently they announces btw it is free now. Like, buying premium for me now would be like donating, they give me anything I want anyway.

[–] SirEDCaLot@lemmy.today 7 points 1 year ago

Their service is probably set up so the per-user overhead is low.
Think about it- what does your 'using it' actually consume? a few hundred KB of disk space and a little bandwidth?

I agree it's a great value though. Signed up a few weeks ago and haven't looked back.

[–] ijeff@lemdro.id 4 points 1 year ago

I'd imagine their business and enterprise service is what currently or will pay the bills for them. Either way, I love their approach and the fact that it's open source.

[–] Heavybell@lemmy.world 17 points 1 year ago (2 children)

I am still a little unclear on what this means. Isn't the idea of passkeys that they're stored on your PC's TPM? What does Bitwarden "supporting passkeys" mean in that case? Are they not stored on the device if you use Bitwarden?

[–] mars@lemmy.ca 14 points 1 year ago (1 children)

You're thinking about "device-bound passkeys". Bitwarden and any other third-party credential manager leverages "synced passkeys" because they don't control the hardware.

Synced passkeys are actually called out in the FIDO Alliance's FAQs as preferred since they more closely align with the desired replacement of traditional passwords.

[–] Heavybell@lemmy.world 4 points 1 year ago (1 children)

So it's just one half of a key pair stored in Bitwarden, then? And you authenticate to Bitwarden as usual?

[–] mars@lemmy.ca 2 points 1 year ago

Well, it's a full keypair being stored: Authenticators like Bitwarden need to first provide the public key to the relying party (RP) so the RP can issue the encrypted auth challenge. The challenge then is handed back to the authenticator, user verification happens, then the challenge is signed by the private key and sent back to the RP for verification to complete the auth ceremony.

[–] ikidd@lemmy.world 5 points 1 year ago* (last edited 1 year ago) (1 children)

They'll probably interface the key exchange from TPM, pulling and storing keys as needed from the TPM to applications you use BW with.

[–] SirEDCaLot@lemmy.today 4 points 1 year ago (1 children)

No, TPM isn't involved here. There's a few kinds of passkeys.

Hardware bound keys are locked up in a physical device like a TPM or a YubiKey. That physical device has its own security to unlock it- TPMs often work with fingerprints, or a YubiKey usually has a PIN (aka password).

A passkey can also be done in software, and that's what's happening here. BitWarden stores the encryption key within the BitWarden vault, so it can (eventually) be accessed by any device signed into your BitWarden account. Thus the same passkey works on your computer, laptop, phone, tablet, etc.

It's worth noting that Google and Apple both do it this way- the passkey is stored in their password manager, and you use Face ID or fingerprint ID to unlock that.

[–] ikidd@lemmy.world 2 points 1 year ago (1 children)

THat would make sense given that you'd want to be able to use it across other logged in devices.

Appreciate the explanation.

[–] SirEDCaLot@lemmy.today 1 points 1 year ago

Most welcome :)

[–] indigomirage@lemmy.ca 4 points 1 year ago

Have been looking forward to seeing your they implement this. Once it gels a bit I'll likely dive in.

[–] sabreW4K3@lemmy.tf 4 points 1 year ago

Anyone seen any commits to suggest when it's coming to Android?

[–] 4am@lemm.ee 3 points 1 year ago

Is this β€œwebauthn” that Proxmox recently added support for?

[–] theangriestbird@beehaw.org 1 points 1 year ago (3 children)

Am I missing something? Bitwarden already has support for authentication via biometrics or Windows Hello. How is this different from that?

[–] janguv@lemmy.dbzer0.com 4 points 1 year ago (1 children)

My naive understanding would be: a passkey replaces a password for an individual login; a biometric authentication replaces a password for the vault that stores individual login passwords.

[–] theangriestbird@beehaw.org 1 points 1 year ago (1 children)

so basically: right now, I have a master password, and I can set up Bitwarden to bypass the master password with biometrics. With passkey set up, I will no longer have a master password, and biometric will be the only login method?

It is not about logging in to BitWarden via PassKey, but logging in via BitWarden to other services.

Confusing, but what it means is you not storing password in a manager, but a cryptographic private key.

[–] AndyG@lemmy.world 1 points 1 year ago

How does this work when I want to log in from a device that doesn't have bitwarden, for example my android phone (for now at least) or my TV or otherwise? Can you manually type in a passkey?