Do you think it’s worth keeping 2FA OTPs in a separate source from your password manager? Currently I keep them in Bitwarden. I was thinking keeping them separate could add a little extra security in case my BW was cracked, but not sure it’s worth the hassle of loading a second app for logins.

Do you know of an app that does 2FAs as conveniently as Bitwarden, in that it has mobile apps, browser extension, etc that can all access the same vault?

here’s one i came across from an awesome-selfhosted list. i would need to test the PWA experience https://github.com/Bubka/2FAuth

    • UnfortunateShort@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      4 months ago

      They do have desktop apps at least. I’m happy with it so far, totally second the recommendation.

      Regarding your general question: I would argue that a separate 2FA app is a must, since you can not only secure your password manager with it, but also remain protected if it is breached somehow.

      Having 2FA and credentials in one place partly breaks the rational between having 2FA at all.

      • slug@lemmy.worldOP
        link
        fedilink
        arrow-up
        1
        ·
        4 months ago

        i just realized i set up ente but put the login for it in my bitwarden. that kind of defeats the purpose. so i guess i would need to save the ente creds outside of bitwarden… then i need a second 2FA source for that… endless cycle…

        • UnfortunateShort@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          3 months ago

          I don’t bother with 2FA for Ente. It’s supposed to add a layer of security, no need to add yet another layer just for the sake of it.

    • AbidanYre@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      I think auth is a pretty recent addition to ente’s lineup.

      I self host photos and their customer service has still been pretty responsive, so it may be worth reaching out and asking if a browser extension is on the roadmap.