I understand why they're doing this but if I was okay with Google being able to lock me out of my password manager then I would simply be using Google's password manager already
=> More informations about this toot | More toots from mcc@mastodon.social
@mcc this only happens if you don't already have 2FA enabled. Just enable a TOTP Authenticator on your account and this behavior goes away. Should be the default anyway.
=> More informations about this toot | More toots from jantzen@mas.to
@jantzen ? but isn't bitwarden my TOTP authenticator?
=> More informations about this toot | More toots from mcc@mastodon.social
@mcc @jantzen in principle, I think you’re supposed to have a separate password manager and TOTP authenticator, since otherwise you’re reducing your two factors to one. I don’t really know how much that matters, or what considerations your threat model makes about a breach of your password manager
=> More informations about this toot | More toots from shadowfacts@social.shadowfacts.net
@shadowfacts @jantzen is it actually true that two programs on my phone is more secure than one program on my phone?
=> More informations about this toot | More toots from mcc@mastodon.social
@mcc @shadowfacts @jantzen well, in the scenario under discussion (logging in to bitwarden on a new device) isn't their concern that it's currently 0 programs on my phone? All that's needed is my master password.
As I read their announcement, if one has some non-email 2FA set up already, then the new email based 2FA is not required, right?
=> More informations about this toot | More toots from esnyder@mastodon.social