Does anyone know why there are no dedicated Authenticator apps made by for example Proton or Bitwarden?
I’m aware that they have TOTP baked into their password managers but you still need to have at least one separate solution to log into your vault.
Bitwarden has otp built in but you have to buy premium. Totally worth it.
Should probably mention that premium is only 10 bucks a year. I also don’t just pay for the feature itself but also to support Bitwarden, it’s completely free and open source after all.
Same. 10 bucks is a steal.
Why do you need that? Just use one of the already existing ones like Aegis.
Why do you need a separate one?
Because if - if - your master password database gets breached, having your TOTPs in a separate vault is the difference between
Shit, they got into my stuff which doesn’t support TOTP
and
Shit, they got into everything
No. If anyone has access to your email or master password, they can simply reset any other account. How would your difficult (one time used) password of protonmail be leaked? Proton doesn’t have it. Only if you’ve got powerful malware on your device and then it doesn’t matter in which app your shit is stored.
What? No. That depends on the site in question. If you have 2FA, the site should not let you reset your password without that 2FA - it’s one of the major points of even having 2FA. If a website lets you reset your password without the multifactor auth you set up, they’re doing it wrong.
Edit: to be clear, we’re talking about having your multifactor auth in the same vault as you keep your passwords. That’s fine to do as long as your vault doesn’t get breached. If you do get breached, having your TOTP secrets in a different vault will help keep at least some of your accounts safe.
I keep google authenticator around just to store bitwarden’s totp. But I also store bitwarden’s totp inside bitwarden, so I can use bitwarden’s mobile client to get bitwarden’s totp when I log into bitwarden on another device.
That’s what I’d recommend. Why Google and not Aegis or another non-Google FOSS app?
Nothing in particular, all my totp was in google authenticator and over the years I migrated them all to lastpass then bitwarden, and the only thing left there is now bitwarden totp.
