Bitwarden just launched a new authenticator app. Here’s what it means to users. | Bitwarden Blog
bitwarden.com
Storing 2FA codes is just the beginning. Bitwarden aims to add defense in depth to authentication.

Bitwarden Authenticator is a standalone app that is available for everyone, even non-Bitwarden customers.

In its current release, Bitwarden Authenticator generates time-based one-time passwords (TOTP) for users who want to add an extra layer of 2FA security to their logins.

There is a comprehensive roadmap planned with additional functionality.

Available for iOS and Android

  • Snot FlickermanEnglish
    500·
    6 months ago

    No, they’re both ostensibly open source and standalone. I’m an avid Bitwarden Free user, but Aegis has been my go-to for a long time.

    If it’s a standalone completely offline app, like Aegis, I’m at a loss to what they could offer that is any different than what Aegis already offers.

    • Simon MüllerEnglish
      180·
      6 months ago

      If you look at the roadmap they have in the blogpost, they are apparently planning tighter integration with the existing bitwarden suite

      • Snot FlickermanEnglish
        160·
        6 months ago

        but wouldn’t that undermine the fact that it’s standalone and offline?

        • EvotechEnglish
          70·
          6 months ago

          Sand the fact that it’s a 2fa. A thicker integration with bitwarden would make it like a 1.5fa

        • laurelravenEnglish
          30·
          6 months ago

          I don’t see why it would if it’s optional

      • sugar_in_your_teaEnglish
        10·
        6 months ago

        How so? They already have TOTP built-in to the app if you pay for premium, so this is just a free competitor to their own offering.

        I’m guessing they’re trying to make it a “gateway” to getting people on Bitwarden. Start with the TOTP app, then use the password manager, then pay for premium. Or something like that.

    • fluckxEnglish
      61·
      6 months ago

      2FA push is on the roadmap. Does aegis have that? Or am I just too dense to realise it does?

      • Snot FlickermanEnglish
        98·
        6 months ago

        I mean, Aegis is 2FA? That’s literally all it is? It generates One Time Pad codes for various sites and apps that support authentication apps.

        So, I’m not sure what you mean?

        • laurelravenEnglish
          90·
          6 months ago

          I’m not positive but I’m assuming they’re referring to a kind of MFA where the authenticating service pushes to the client you possess rather than relying on a temporal cryptographic key. I’ve got a few services which work that way

          • fluckxEnglish
            40·
            6 months ago

            That’s indeed what I meant. Similar to how OKTA, battle.net, or the Microsoft authenticator works( in corporate environments).

            You receive a push notification which asks if you’re trying to log in and approve it, followed by a fingerprint or a pin code to confirm, rather than having to type in the code generated by your app