Walter Burns

@jzb

In case this post is not sarcastic: here's a superior and simpler way to do it.

1. Open @bitwarden in the browser (if not already unlocked)
2. Let it auto-fill credentials
3. If 2FA active: simply cmd+V or ctrl+V (since it has auto copy TOTP)
4. Press enter to log in

Passwords cannot be compromised if securely generated with password managers since they are stupendously strong.

Please don't imply that authentication is hard - everyone should be encouraged given its ease.

15 comments
Tokenizer

@walterburns @jzb @bitwarden He's just pointing out a fact. Independently of how hard/easy auth is, facts should not be ignored.

Walter Burns

@tokenizer And I mentioned facts too - a simpler way to do things.

Robbert

@walterburns @jzb @bitwarden
don't assume that their threat model is the same as yours.
i for example use multiple methods
some required a yubikey as 2fa
some have the totp in my password manager
some are in a standalone totp manager

and then of course we have companies which force you to use their own 2fa which is incompatible with the standard (i'm looking at you authy)

Walter Burns

@mjrider For most people, TOTP is enough and security keys are not necessary. So - my advice applies to most and not all. I am aware.

Walter Burns

@mjrider And you really should not be using or even recommending Authy. If you need an app, @ente Auth comes highly recommended from most if not all experts on the matter.

Robbert

@walterburns
to make it abundantly clear, i only use authy because it is (or was) the only way to use 2fa with twilio.
i really think it's a bad solution for 2fa

Joe Brockmeier

@walterburns @bitwarden The post is largely a sarcastic, or perhaps sardonic, observation about what a royal PITA using the Web has become if you happen to use a lot of web-based services / websites with authentication of some sort. (Doubly so if you only log into many of them infrequently.)

Note the point about going through all the fuss of 2FA and then being notified the service itself was hacked anyway... which is only a minor exaggeration, unfortunately...

Walter Burns

@jzb yes I get that my good sir. And I wanted to bring in a little more seriousness to the post by actually informing readers of how easy it really is in case anyone may actually be interested in learning.

Joe Brockmeier

@walterburns What is this "seriousness" of which you speak?

Walter Burns

@jzb my first comment of explaining and showing how easy it actually is.

blausand 🐟

1. I'm not a customer of #Bitwarden and I strongly recommend not even thinking about it. A commercial service at this point in the chain, what could possibly… really.
2. 2FA severely damages the UX of following simple and effective safety guidelines, like deleting cookies once a day.
3. 2FA undermines good habits like keeping your phone number private. E.g., when I have to log into my webmailer in somebody else's browser to copy the code, I gain ZERO security.

#funktionalKAPUTT

JK

@walterburns @jzb @bitwarden if authentication wasn't hard there wouldn't be people doing research to make it easier (passkeys). password-based authentication with 2FA is a pain in the ass. I know hardly any normal people using password managers.

Walter Burns

@jasonekratz

Sigh *rolls eyes*

It obviously means authentication and using password managers isn't hard - from the users' POV.

Do you not fathom the context of the thread and the discussion?

JK

@walterburns Eye roll all you want but it's clear you have never worked with normal people 😂 of course it's hard. Auto-fill does not work 100%. Never has for any of the many password managers I've used over the years. Password managers *add* another layer of complexity, not take it away. The best password is no password (passkeys) and not a password manager.

Sieva 🚴🚇🏙️🌹

@walterburns @jzb 2FA in Bitwarden requires a premium account. It also doesn't support HOTP and custom MFA auth (like app pushes to Microsoft or DUO), not to mention moronic services that just default to email or phone MFA (looking at you, Eventbrite).

But yeah, Bitwarden is very cool.
