• stealth_cookies@lemmy.ca
      link
      fedilink
      English
      arrow-up
      13
      ·
      11 months ago

      It is a bad idea to have your password manager and 2FA be the same app though. You want to spread it around so one attack can’t break your logins.

      • BearOfaTime@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        11 months ago

        Good point.

        Is it realistic (i.e. is it secure enough) to self-host 2 Bitwarden, one for passwords, one for authentication?

        Or would splitting that between 2 Bitwarden logins work?

        I just throwing stuff at the wall, I haven’t thought either of these through yet.

      • Norgur@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        11 months ago

        While that is true, the risk of someone brute forcing into an account of mine on the login side than on mine. That’s what I use 2FA against. If they managed to break into my vault, they’d have broken into my Mailserver and whatnot, so…

        • CosmicTurtle@lemmy.world
          link
          fedilink
          English
          arrow-up
          8
          ·
          11 months ago

          Which is damn near cheap compared to other companies. I personally use dashlane (I know I know I should self host but I don’t trust myself for something as important as passwords) and that’s $60 for their premium package.

        • reev@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          6
          ·
          11 months ago

          I love my bitwarden but is it less secure to have all your eggs in one basket? That’s the main reason I’ve been using separate apps so far.

          • methodicalaspect@midwest.social
            link
            fedilink
            English
            arrow-up
            1
            ·
            11 months ago

            It may very well be, especially if the basket your eggs are in is full of holes. I always figure, as long as it isn’t a pad of paper on a desk, or a company that regularly makes headlines due to security breaches, I should be okay.

        • rambaroo@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          11 months ago

          Cool, I might check it out then. I knew I’d have to move off of authy eventually.

          • ikidd@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            ·
            11 months ago

            I self-host, but I still pay for their premium because it’s a damn good product I want to see kept maintained for years to come.

            I mean, cmon, it’s $10. Almost cheaper than a banana.

            • BearOfaTime@lemm.ee
              link
              fedilink
              English
              arrow-up
              1
              ·
              11 months ago

              That’s a good point.

              I’m not paying currently because I don’t use their online service.

              Adding them to my “Annual Donate to Software I find Useful” list, that I just started this year.

              I despise subscriptions. For apps that have a hosted portion, I understand them, but I’d still rather pay annually.

              • ikidd@lemmy.world
                link
                fedilink
                English
                arrow-up
                2
                ·
                11 months ago

                It’s $10 annually in case you thought it was monthly. I’d imagine if you went in and subbed, then cancelled the sub, you’d still have your year you paid for. But yah, I’d like an option to not auto-renew, even though I do.

    • bdonvr@thelemmy.club
      link
      fedilink
      English
      arrow-up
      4
      ·
      11 months ago

      Yeah, I already run Vaultwarden. But like others I don’t really want to combine my tokens and passwords.