by sbysb
1234 days ago
I think that while storing a TOTP in your password manager is less secure than using an external app, I also feel like this is missing a large portion of when I am storing a TOTP in Bitwarden - shared accounts. Being able to store a TOTP in my password manager allows me to have a shared account still use 2FA - and provided all parties also have 2FA on their Bitwarden accounts I think this is a pretty secure system and much preferable to one party having TOTP and everyone else needing to email or message them to get the code. Especially considering that as the number of "Hey can you send me the code to log in real quick" messages the 2FA holder gets goes up, the likelihood they get complacent and just start automatically responding could also create a threat vector.

Except TOTP secret in password manager is the same factor as the password (both being the password manager), so you don't get 2FA