Nevertheless I chose my Yubikey instead.

  • hswolf@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    11 months ago

    yeah, while I understand that, it’s not every time I have both my phone and computer together at the same time

    using a standalone OTP on either one of them would make the opposite a pain in the ass to use

    I take a lot of precautions with my main vault password, even got a biometric reader so I don’t have to type the password that much

    • PracticalParrot@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      2
      ·
      11 months ago

      You’re absolutely right. It’s all about your threat model, how much convenience you’re willing to lose and what not.
      I absolutely should do more to minimize potential risk, but it’s really so convenient to just… Have it all in 1 place…

      • Norah - She/They
        link
        fedilink
        English
        arrow-up
        2
        ·
        11 months ago

        Something that I do to make sure I’m more protected is that I don’t put the two-factor for my main email accounts into Bitwarden.

        • PracticalParrot@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          2
          ·
          11 months ago

          This is a smart solution. Only solution I have so far is self hosting bitwarden, using unique password to login, and having 2fa to login to bitwarden, where the key is in bitwarden, and on aegis on a phone at home.