Bitwarden.
I don’t think that it’s safe to leave both authentication factors in a single app.
It depends on your risk profile, but yes, it’s less secure. For some people the convenience is worth the risk, for others maybe not. If you opt to store 2FA keys in Bitwarden you’d definitely want to enable 2FA for your Bitwarden account though, which brings us back to the same issue again.
With the risk of getting locked out if all your devices get logged out of Bitwarden! 🙈
To clarify, you’d want to enable 2FA for Bitwarden and store the token for that in a different authenticator app - that way you can still log in to Bitwarden without already needing to be logged in.
This. It’s not two-factor if both factors are stored together lol
Two-factor is like a second step. The 2FA is normally a token (TOTP) that is generated every X minutes, so if someone steals your password, they still need another number that they will not get unless they hacked your device, and if they hacked your device, they probably have access to much of your data or to that secret token to log in. That doesn’t mean they should be separated, but you could. Still, the safest way to keep everything secure isn’t splitting passwords and tokens but using a hardware key. That’s my view.
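For readers following the thread, an added example (not written by any commenter) of how a TOTP code is derived under RFC 6238. The code is a pure function of the stored secret and the clock, so whichever app holds the secret can produce valid codes. The function names are my own, and the secret is the published RFC test value, not a real one.

```python
import base64
import hashlib
import hmac
import struct


def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1): derive the code for one time step."""
    # Authenticator apps store the secret as base32; restore any stripped padding.
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    # The moving factor is the number of whole steps since the Unix epoch.
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): low nibble of the last byte picks the offset.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, code, unix_time, step=30, window=1):
    """Server-side check that tolerates +/- `window` steps of clock drift."""
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, unix_time + drift * step, step, len(code))
        if hmac.compare_digest(expected, code):
            return True
    return False


# Constructed sample input: the RFC 6238 test secret, base32-encoded the way
# it would appear in a password manager entry or an authenticator app.
SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    # Any holder of SECRET computes the same code for the same time step,
    # whether that is a phone app or a vault entry next to the password.
    print(totp(SECRET, 59))
    print(verify(SECRET, totp(SECRET, 59), 59 + 30))
```

A hardware key differs in that the secret cannot be copied out of the device, which is why no equivalent of `SECRET` would exist to store in a vault.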