GitHub is slowly rolling in 2FA. Any good open source apps that will enable me to activate 2FA token on android? - eviltoast

If proprietary app is better and more robust I am willing to try it and assess it myself.

  • lud@lemm.ee
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Kinda makes two factor authentication useless as they are both stored in the same place.

    • GadgeteerZA@beehaw.org
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      I think it is more about passwords being accessible after hacks etc. What you are referring to, is if Bitwarden were to be hacked, both are accessible. Online Bitwarden has securely hashed all the data, so that is pretty useless if anyone gets it. On my devices I use biometric login, and on desktop a Yubiky as 2FA into Bitwarden. I also have it set to request login every time the browser is restarted, just in case someone were to steal the session data from the browser.

      But your point is very valid if a user were to have a weak password for their Bitwarden, or not to have a good 2FA for their Bitwarden login. You want to keep that basket of eggs as safe as you can.

      • lud@lemm.ee
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        The whole point of 2FA is for them to be completely separate.

        • GadgeteerZA@beehaw.org
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          But if the access to the combination of the two requires a separate 2FA (my Yubikey), then it is virtually separated. It is not just one password and you inside Bitwarden. One could argue otherwise, that having a 2FA app on the same phone as your password manager, is also not separate, if the same PIN/biometric gives access to that phone with the two apps on.

          • lud@lemm.ee
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            Do you use your Yubikey for 2FA or do you use it instead of a password?

            If it’s the former then I guess it’s fine.