This was actually rather interesting to listen to:
Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)
Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.
hsvhel:
Entering all the details is becoming a punish. I am slowly realising how many websites I have credentials for that I just don't use. That's a positive, I guess.
It's a good reminder to delete and remove old accounts that you no longer use, isn't it?
lmao, great video - I did enjoy the guy dumping on Bitwarden for being written in C# and .Net :D
ANglEAUT:
PS Anybody use their PW manager with a QNAP NAS? I can't get Bitwarden to identify the username field. It just stays blank.
Custom field, "username" in the "name" field, and your NAS username in the "value" field.
contentsofsignaturemaysettleduringshipping
I've just finally bit the bullet and started a LastPass --> Bitwarden transition. The import feature worked shockingly well, though I have a lot of work ahead of me culling duplicate, disused and forgotten accounts (nearly 700. Ouch).
What are other Bitwardeners doing about two factor authentication? I was using LastPass Authenticator, a standalone app. Bitwarden Authenticator is built on the same Google Authentication framework, but it is built in to the password manager app, so both the password and 2FA code are sitting in the same place. Which seems to me to undermine somewhat the separateness of the second factor for authentication?
I appreciate Bitwarden is "secure" and if it gets hacked I've probably got bigger things to worry about. But I thought the same thing about LastPass not so long ago...
I'm currently considering using something standalone like Microsoft Authenticator (which I already have installed for O365 accounts and have backed up to a personal Microsoft Account) instead of the Bitwarden 2FA functionality. What are others doing?
Yeah I agree, having 2FA inside your password manager seems pretty counter-productive - it is no longer a "second factor".
I use Authy, which allows you to sync across devices meaning you don't lose all your codes if you lose your phone (which is what happens with Google Authenticator - or at least it used to).
I dabbled with a self-hosted Authy equivalent, but in the end decided Authy ticked all the boxes, was free, and would still work if my home servers all crash!
@mdf I trust Bitwarden due to it being open source, unlike LastPass which was not.
And that trust extends to my 2FA - I've shifted from Authy to Bitwarden for 2FA as it is convenient + use Yubikey + Microsoft Authenticator for Bitwarden (because I have to use it for a few things anyway and thought it is better to have a backup for Bitwarden itself!). I did this due to the fact Authy is another app that isn't open source and I trust Bitwarden over it personally since the LastPass hack.
If somebody gets into your password vault you're the most pwned you can be. It doesn't matter if 2FA is in another app at that point as many services have a "forgotten 2FA" option. Just focus on protecting your Bitwarden vault and everything else inside that is safe.
Michael Murphy | https://murfy.nz
You raise some valid points @michaelmurfy.
@SumnerBoy Also don't know how you're finding it but I found that Authy has become increasingly buggy especially if a site uses their 2FA implementation (you can't remove this easily). Eventually I had enough with it :)
Back in the day it was the best option for 2FA sync but now there are plenty of options out there.
Michael Murphy | https://murfy.nz
Yeah I find it fine, haven't really noticed any bugs - but I am probably not quite the same power-user that you are!!
This is the self-hosted service I tried - https://github.com/Bubka/2FAuth.
I just worry if I have a catastrophic failure in my home server, and need to rebuild from scratch, I will need 2FA codes to log into various things in order to rebuild my infra.
Therefore having my 2FA service on that infra seems a little brittle...
michaelmurfy:
@SumnerBoy Also don't know how you're finding it but I found that Authy has become increasingly buggy especially if a site uses their 2FA implementation (you can't remove this easily). Eventually I had enough with it :)
Back in the day it was the best option for 2FA sync but now there are plenty of options out there.
I have an issue with one of my 2FA tokens not being able to be decrypted on some of my devices and it comes up with an error saying this. It is quite annoying and why I am inclined to use TXT authentication instead just for the reliability.
mdf:
What are other Bitwardeners doing about two factor authentication? I was using LastPass Authenticator, a standalone app. Bitwarden Authenticator is built on the same Google Authentication framework, but it is built in to the password manager app, so both the password and 2FA code are sitting in the same place. Which seems to me to undermine somewhat the separateness of the second factor for authentication?
This subject comes up a lot on the Bitwarden subreddit. The general consensus is that it's ok to use Bitwarden to generate 2FA codes so long as you properly secure your Bitwarden vault with a good master password and something like a Yubikey. Here's one thread that explains this.
Personally I use a couple of Yubikeys to secure my Bitwarden vault as well as a 2FA that is stored in Authy (this is the only account I use Authy for).