Where does that leave you? The three apps I currently recommend are 2FAS, Aegis Authenticator (Android), and Raivo OTP (iOS). They recently added a cloud backup, but they biffed it: it is evidently not e2e encrypted. None of us know what the hell is really in the source code, and there was no effective way for you to back up and leave their ecosystem. Google Authenticator, up until recently, had the same issues.
(Yeah, there is that GitHub project, but the README there points out that it is abusive enough that you may get locked out by the Authy firewall if you use it.) And your datastore cannot be exported or directly imported. So what about Authy? Well, it uses super duper sneaky undisclosed source code, so none of us have reason to trust it. A script-based, small (1mb), Open Source Application written in AutoHotkey that provides keyboard shortcuts to auto-type usernames, passwords and Time-based One-Time Passwords ( TOTP) for applications and websites, it borrows the concepts coined by KeePass but with Bitwarden as 'backend'.
There are many plausible disaster scenarios where an external copy of your data will make the difference between resumption and total loss. Cloud storage such as the Bitwarden servers are a good first line of defense, but they are not a backup! I remind people often they need a backup of their Bitwarden database, and the TOTP data is no more than a variation of that. This kind of app needs to say what it does and do what it says how do you know it isn't sending your secrets to cybercriminals?Īs far as export/import, you, the user, are responsible for your credential datastore.
#Bitwarden authy password
We all use closed source every day, but when it comes to an app that literally handles your secrets, like your password manager or a TOTP app, this is a bridge too far.
#Bitwarden authy full
The public source requirement is full stop essential. Thanks Matt If you wrote them down or made print-outs of the QR-codes when you activated them you could now add them to Bitwarden.
#Bitwarden authy how to
Learn something new every day: See how to transfer TOTP Authenticator Keys from Authy to Bitwarden (untested) a few posts below thanks to mwalker212. If you choose to use an external TOTP app for whatever reason, I have two requirements for suitability: it needs to be open source (well, at least public, like Bitwarden), and it needs to let you export and import your TOTP keys. I do not know any method to transfer the TOTP Authenticator Keys from Authy to Bitwarden. Which approach do you feel will minimize your overall risk? Everyone has a risk profile, which is a subjective unquantifiable assessment of their risk, which changes over time. And if you have your TOTP keys in a separate app on the same device, you have done very little to mitigate that risk: if someone has compromised your device, putting the secrets in a different app is nothing more than empty theater. Others point out that the only risk there is from poor opsec, including malware. Some are adamant that it is safer not to have their TOTP keys in the same place as the rest of their secrets. There is no consensus on the suitability of Bitwarden Authenticator.
0 kommentar(er)
