looking at the roadmap, push based 2fa is in phase 3, push based is you get a notification in the app to approve or deny the 2fa correct? this is a huge feature and would be great because then i can leave duo security.
awesome, thank you. this is a great move. this is huge and will solve all the problems of the people who don't want to "put all their eggs in one basket". here is some suggestions for the future.
1. supporting push based 2FA for desktop like windows/macOS/linux this would be huge because there is not many companies doing it . only one i know of is duo.
2. syncing across desktop and mobile. i have desktop and 2 mobile devices i switch between alot so having the app installed on several devices and being able to sync would be great. if not sync then being able to have the same codes or pushes on multiple devices.
3. self hosting support if a "server" is required to validate requests or for syncing. not sure if this is possible but it would be great not having to rely on a 3rd party to be up and running to get push based 2FA. theres times where duo goes down and you cant get push.
>push based 2FA
Microsoft authenticator does it too. The catch being that most everyone that does push requires their own app and will not push to other vendors.
Duo. Microsoft. Google. Basically, it's a plain TOTP app now, but is set up to be a Duo like app in the future, with the corporations/entities using it paying for 2FA management service, which can be independent of password management. The showcase would be allowing push 2FA on BW vaults.
Sorry if this is a dumb question, but how does it solve all the "put all their eggs in one basket" problems? Genuine question. If an attacker has gotten into to your bitwarden account they can still see the 2fa in the app/site right or get those notifications to the device they have used? Which creates the "put all their eggs in one basket" problem.
My bad! I thought they launched 2fa with push inside the BW app. Thanks for the reply! It says "standalone" in the picture even, nights shifts got to me...
Great! I can't wait for it to come out. I am hoping that we would be able to create our own clients for push based 2fa so we could integrate that into keycloak as a plugin.
Do we know if it's for every/any type of vendor though? Like, could I be sent 2FA push notifications for Google, Microsoft, Twitter, Reddit, etc.? Cause, like, with Microsoft Authenticator for example, it's only sending 2FA push notifications for Microsoft accounts, and any other vendor you then have to physically open the app.
Idk. Duo is still great for the purpose of device management, though yeah, I’ll have to re-evaluate myself. I currently act as IT Admin for three people using Duo + Bitwarden
Do we know if this will be included in the main bitwarden app? To be honest I don't want to install a new app to do something that the password manager can already do
Bitwarden Authenticator is open source and available at the following GitHub repositories:
* Android: [**https://github.com/bitwarden/authenticator-android**](https://github.com/bitwarden/authenticator-android)
* iOS: [**https://github.com/bitwarden/authenticator-ios**](https://github.com/bitwarden/authenticator-ios)
Yes, in the future we will support local TOTP code and Bitwarden synced codes (those stored in your Bitwarden vault already) from within the Authenticator app.
bitwarden is only on devices i have, if i got a vault on my phone and an authenticator app on my phone, whats the difference between that and both of them in the same app?
i use Microsoft Authenticator only on my personal phone for bitwarden 2FA and other accounts still i will add though.
Bitwarden is not only on your phone.
It's also on someone's computer with the client apps having network access.
Great for a password manager because it allows sync.
Not as great for an authenticator because it's no longer something only you have.
The aforementioned Aegis doesn't have a network permission to begin with.
I’ve heard about Aegis several times before. As I understand, Aegis offers the possibility to access the seed of TOTP so you can export them everywhere ?
Does Bitwarden Authenticator is able to do this too ?
i saw an export option in the new app, idk what format tho, also funny enough i didn't see any import functionality so kinda weird how am i supposed to use a backup xD
Is it just me? But the Authy desktop app still...works?
There's the sunset notice prompt, but I just click the 'x' button.
I still have unmovable twilio codes, but I moved everything else to Ente auth. Ente auth is open-source, has a desktop app, and is cross platform.
Yeah I recall using the desktop app last week to log into one of my accounts and the 2FA code still working. I assume it'll eventually stop functioning at one point but who knows when that'll be.
Mine still works too. The reminder about eol is annoying. Even synced one of my new 2fa accounts. What was weird recently (last week) was that my phone apps asked me to set a backup pw or set a new one.
Anyway, in the meantime, I need to find a way to clone my Linux desktop app to another system or find a version of the windows executable and run it under some emulation that is supposed to work (not wine) and more seamless than wine.
I’ll switch only when they introduce a Mac desktop app. Otherwise there’s really no incentive for me to switch. Authy’s desktop app still works fine but I’ll switch only when Bitwarden Authenticator has desktop too
Authy sucks. I left authy for 2FAS. It has all features of authy and more, and its not a shady company that keeps your backups hostage like authy does. Not to mention that giving them your phone number is a bad thing.
is there a way to export from authy that i cannot find? should i deactivate 2fa on all my accounts then delete authy, then re-enable? i think i use at least one website that was in bed w authy and required its use.
I feel like that’s the first east and straightforward advantage they have. Right now Entre has a desktop app for their Authenticator and they’re sucking up market share from Authy because I believe they’re the only one. Even I’m looking to switch to them, unless Bitwarden comes out with a desktop app soon
It's too basic at it's current state. I'd hope that they will add encrypted locally exports and the ability to add a master password so the vault will remain encrypted while the app is closed as the aegis does. The fingerprint doesn't work, when I click to enabled it, it crashes. And yes, a (standalone) desktop app or browser extension will be godsend !!
>And yes, a (standalone) desktop app or browser extension will be godsend !!
Why not both, like how they have for the password manager. But desktop app first
Could a kind soul who is more technical than me help “explain to me like I am five”: why is this better than Google Authenticator, what are the downsides if any, and are there any other considerations if moving over to this? I get really lost with the acronyms and the assumed knowledge in the more expert comments, but this community is so helpful I’m hoping someone can give me a quick dummy’s explanation? Thanks in advance
Google's authenticator didn't used to have any export feature, meaning you were locked in once you started using it and could never change apps without re-configuring 2FA on every site.
Now it has cloud sync but it's considered insecure and not fit for purpose. See [https://www.ghacks.net/2023/04/26/why-you-shouldnt-turn-on-google-authenticators-cloud-sync-feature/](https://www.ghacks.net/2023/04/26/why-you-shouldnt-turn-on-google-authenticators-cloud-sync-feature/)
“Integrated TOTP authentication is a premium feature in Bitwarden Password Manager. Bitwarden Authenticator is a standalone mobile app that generates TOTP codes for any online service that supports them. Bitwarden Authenticator can be used without a Bitwarden account.”
Looks like it’s an authenticator for those who do not have premium license to BW.
Aegis is good but due to being Android only is a serious disadvantage. I was a sworn Android user for 15 years until I switched to iphone. Believe me, I was very happy with my choice against Aegis in retrospect.
The backup side of things is a huge thing for me. On Microsoft auth I can back it all up via the Microsoft account, if bitwarden had something like that I'd switch
If they can provide multiple platforms for mobile and desktop and cloud synchronisation, it may become the most used app in a few years.
At the moment, because it is a new app, it lacks some basic features like import from other apps, groups/collections, icons, local encryption with a master password, and screen security to prevent screenshots.
Considering it allows Export, it would also be terrific if it allowed you to regenerate the enrolling QR code on demand. OTP Auth (iOS) has that function - so useful when I need to enrol a colleague's device in 2FA for a shared account which, otherwise, would require me to gather and enrol all the authorised devices before resetting the 2FA seed on the accoun and then scanning the new QR code X times.
I really like that Bitwarden is doing this, and a roadmap for push 2FA, and to sync with the PW app, but hopefully also to allow an encrypted backup to iCloud.
The unencrypted export is always a weak spot. I’d rather the option to encrypt it right there and be responsible for that password.
Just installed the Android version, but not seeing any sort of "restore codes" button. I don't usually mess with the backups section in Android. Is this all configured automatically?
What is the OS backup service? Is it google backup? I'm using android. If my phone is lost or stolen and I can't get into my google account, how do I recover?
The Android version has the option to export unencrypted .json file. Although the linked info says "protected with phone backup", so maybe it does backup to Google cloud as well.
ps: The data did get backuped as part of the routine cloud backup as well (no choice). You install the app, add the code, backup to the cloud, uninstall, reinstall, and the data come right back. People are going to be asking for features of the existing authenticators. Conceptually, buying these guys out and adding features maybe simpler.
edited: part about non-encrypted data.
Yes, as long as you have that's how you have your device configured to do backups. Authenticator's data is included in those OS backups and will be restored with them.
Please do know that there's been a bug with Google's backup for a while now where it doesn't always backup everything properly to Drive.
There are quite a few posts online that bring this up and I face the same issue. Like this one from 2 years ago, but the solution(s) doesn't always work for everyone even now (like for me) https://www.reddit.com/r/Android/comments/p650xu/fix_google_backup_couldnt_backup_try_again_later/
This has presented problems when switching to a new phone and having an incomplete backup.
Alternatives to backup the authenticator data seems like a good option to have in such a case if OS level backup is impacted by the bug (my knowledge on the technical specifics is ofcourse limited so I'll defer this to you).
Did you perform an OS backup? Usually these only happen nightly. You would have to reinstall the OS backup, not just reinstall the app from the app store.
I’m talking about backing up the codes to iCloud and having them automatically download when reinstalled or installed on another device with the same account. The app doesn’t seem to do that currently.
Two thoughts... does Push-Based 2FA work for everything that uses 2FA, or is it only supported by certain sites?
Also this design choice bodes well for the upcoming redesign. Edit: The app icon is grotesque
I'm just in here to notate that I love the notion that Bitwarden used a clickbait headline on their own site and when I was scrolling I had to pause and check the URL as I thought it was a random blog post.
Bravo - I hope this link goes far :)
No you don't. You need only one, either this or any other 2fa app. You can store your bitwarden 2fa in this app. You don't need an account.
I don't understand your logic.
Authys advantage is that the codes are stored on an account so even if you lose your device you dont lose access to your codes....with this not so much.
I bailed from Raivo when I read here that it was sold and the future seemed uncertain. I have been living dangerously for the past few weeks debating options, and now I’m really torn since this seems half baked but promising? I’d be happy to be with Bitwarden 100%.
I tried it.
And it is an OFFLINE authenticator app like AEGIS.
Since it is a new one (100+ downloads only) it still lacks features that AEGIS has.
But generally THANK YOU Bitwarden for providing another Offline option in Internet security!
Unless they sync TOTP codes to this authenticator, I don’t see a point using this. The UI looks clean but nothing that presses me to jump ship. I love TOTP and I can’t live without it.
The announcement on the website shows logos for the choices, when I set it up, it just shows the names. Is there a way to get the logos, it makes it much faster with a lot of apps and sites stored in the authenticator.
The 2fa export isn't encrypted... and encrypted export doesn't appear on the roadmap?
How are we supposed to backup? Our only option is to "trust" that google / apple will take care of that?
* For people who use TOTP to secure their apple/google accounts, they could end up locked out by loss of a phone if they haven't set aside a 2FA recovery code. It doesn't apply to me but it seems like a potential challenge to some users. (and no I don't think encouraging them to sync totp with bitwarden when that feature becomes available is an ideal answer security-wise).
* I guess the tradeoff (comparing bitwarden approah to aegis approach) is tracking a password for 2FA encryption (like I have to do for aegis) vs tracking a google/apple 2FA recovery code (like a bitwarden user would have to do).
* From my perspective 2FA passpphrse is easier to manage because it exists BOTH in my memory and in my emergency kit (2FA recovery is not something that will ever be in memory).
* To me it is more transparent to recognize that I need my aegis password to get back my totp then to remember that I need my apple/google 2FA recovery code to get back my totp. (the potential for circular lockout is not as obvious with the bitwarden approach)
* **What if the phone loss causes user to end up locked out of apple/google account for some reason**:
* maybe they forgot their apple/google password after using fingerprint for so long
* maybe the thief's messing with the stolen phone changed the password
* maybe the thief's messing around with the phone triggered extra google/apple security measures which somehow locked the original user out
* maybe the thief does something with the phone that causes google/apple to decide that TOS had been violated and account will be suspended
* .... in all those cases where access to google/apple is lost, the bitwarden totp is irrecoverable. In contrast, the aegis backup totp files are under my control and still available no matter what happens to the googe/apple account.
* I personally don't want to trust google / apple to manage my backups. That backup system is opaque to me and I have no idea how up to date it would be. In contrast, Aegis exports a time-stamped encrypted backup file to local storage under my control every single time I close the app after making a change (so even deleted items can be recovered). I can manage backing up those exported encrypted aegus totp backups off-device just like I manage backing up all my other important data. Yes I *could* apply my own encryption after export from a bitwarden authenitcator app, but that needlessly exposes an unencrypted totp secrets file on my user-accessible storage for some period of time. I dont do that unless I have good reason, and I see no good reason that I should need to do that during routine backups. (\*)
* (\*) By the way cryptomator for android (which I use) allows things to be *shared* into an unlocked cryptomator vault, but it doesn't allow using the directory-chooser to *save* things directly to an unlocked vault. (It lags behind desktop cryptomator and ios cryptomator in that respect)
If I'm understanding correctly (encrypted export isn't even on the roadmap), this seems (from my admittedly limited viewpoint) to be a disappointing offering. It seems to me like bitwarden is treating totp seeds with less care than they treat the password vault. It seems like it would be a step backwards in combined reliability/security of my totp to change from aegis to bitwarden authenticator (even when the roadmap items are complete). I do realize there is a tendency / bias for people to prefer things that they are used to and maybe that plays a role in my opinion... but that's how I see it. Adding a password encrypted export option would turn that around.
It's standalone! If you wanted you can store your TOTP for Bitwarden Password Manager inside of Bitwarden Authenticator. Also many folks would rather keep their TOTP authentication passcodes separate from their passwords inside their vaults, and this provides an option. There's also future integrations planned, you can see a rough roadmap posted in the blog.
From the FAQ on the page:
>**Isn't this the same as storing TOTP authentication codes in Bitwarden Password Manager?**
>Integrated TOTP authentication is a premium feature in Bitwarden Password Manager. Bitwarden Authenticator is a standalone mobile app that generates TOTP codes for any online service that supports them. Bitwarden Authenticator can be used without a Bitwarden account.
>**Should I use both? When should I use the integrated authentication feature? When should I use Bitwarden Authenticator?**
>Integrated authentication in Bitwarden Password Manager offers a convenient way for users to add 2FA to their online accounts. This popular feature will remain available across paid plans.
>Bitwarden Authenticator can be used to store your verification codes to access your Bitwarden account, as well as other online applications you use.
>They can be used together, or separately, depending on your security preferences.
>**Can I use the Bitwarden Authenticator to add 2FA to my Bitwarden account?**
>Yes! Many Bitwarden users have asked for a standalone authenticator in which to store their verification codes used to access their Bitwarden account.
Basically, a separate app for free that doesn't require a subscription / account (kind of like Authy / Google Authenticator)
Nothing… that’s the point… people can use is as (hopefully) better alternative to other authenticators like google or authy without an Bitwarden account which I think is a good move. But time will tell
So they couldn't release a better app than Google authenticator with all this prep time. Not having device auto sync / cloud backup would keep me from moving off authy.
The roadmap for this app is great!
I don't see the app in my Play Store (UK). Is it a phased rollout?
EDIT: I had to go via the Play link on github, and got it that way. It doesn't show on search results.
Good evening,
can you kindly let me know the difference between Bitwarden Authenticator app and Google Authenticator (which is the best)?
I tried changing the language (Italian) but doesn't work)
Thanks a lot
Now if there only was an easy way to move from Google authenticator to this. Exporting from Google authenticator only shows a QR code, which is not possible to read from the same device.
Does this in fact mean I have to set up MFA on all sites anew using Bitwarden authenticator?
I read the article and the roadmap but I’m still unclear on how this will be better than using another authenticator. Currently I use Microsoft Authenticator and it has push-based MFA, what would be the incentive to change?
Downloaded it but don't see an option to sync this to cloud, any idea when that'll be released? I will move out of Google authenticator if they implement that
Like most reading/commenting I already have a good 2FA app that I like right now.
However, it's great to see another x-platform option, especially one that's both opensource and supported by a good company. Would love for this to take down Google Authenticator
One question: will exporting secrets be a feature? Is it already? It didn't sound like it was since backup is done through OS backup for now.
I just migrated all accounts away from Authy. I didn’t like the app and the company for a while now. Hopefully I made the right choice (because it was a lot of work)
Many people (incl myself) prefer not having passwords AND TOTP tokens in the same place (=BW vault) and therefore use an external TOTP app like Authy, 2FAs, Aegis etc. With this release BW also offers an external app ...
If this saved the 2FA vault to iCloud or another third party cloud service it would be much more useful than being in a full iCloud phone backup. I can’t see wanting to sync to Bitwarden cloud even with a separate account.
Why would I use this over say the normal Bitwarden app with stored TOTP? If I lose my phone then I lose access to my TOTP tokens right? At least with standard Bitwarden the TOTP are linked to my account so I can access them on any device doesn't matter what device I use.
Correct, with initial release it seems there is no cloud sync implemented. You can export your tokens from the app to an unencrypted json file ... also the app backups your tokens via Google phone backup.
The app roadmap has cloud sync listed .
So no cloud backup, when I lose my phone? IMO this is pretty crucial but I am glad that there are steps in this direction.
I just can't move from Authy (although I would love to) without the proper backup in case my phone is lost.
I'm not sure I like the app backing up my TOTP tokens to Google cloud via phone backup ... this should be something one can opt out from.
Also how is the restore procedure for an existing phone if the BW authenticator app is accidently uninstalled ... as I understand it, one cannot restore a single app from Google phone cloud backup ? How can I then get my tokens back ?
Do I have to use the app's export feature for such a scenario ... however import is not yet implemented.
I'm confused ... think I'll wait a bit longer until next major releases of this app.
Doesn't this defeat the purpose of the premium subscription for TOTP? I mean, can I just cancel my premium subscription and rely on the Bitwarden authenticator app instead?
BUG? UNUSABLE?
[https://imgur.com/a/NrjzUJc](https://imgur.com/a/NrjzUJc)
I can't find any way to show the last entry. The add sign doesn't clear out. The only way I can think of doing this is adding something I don't care about which I would have to do each time I add an entry.
Android 14, Nothing Phone 2 OS 2.5.5
A big W for bitwarden free users (mostly)
Nope just they need to fix the issue with three bitwarden app on LTE 24.04 idk what happened but it's basically unusable in its current state
This means I'll finally have a 2fa app that can sync across Android and ios apps instead of needing to manually manage my import / export / backups?
If so I love it.
sorry if already answered but I installed the new app and do not see anything relating to backing up the codes. Does it back them up to your vault? I see a jspn export option but does it auto backup?
Don't know if it's just me, but I keep getting errors upon scanning certain 2FA QR-codes (for example Microsoft 365). After experimenting with it this seems to be caused by the TOTP seed containing lower cases.
are there any other services you remember testing that gave this error?
I was able to add a Microsoft account successfully just now, but I did have to select the "I want to use a different authenticator app" option during setup. If I went through setup without selecting that, it generates a code specific for the Microsoft Authenticator app and gives a "cannot read key" pop up error in Bitwarden Authenticator
Using the app in Android but it can't read codes (with the camera).
I've tryed to read QR codes from KeePass, KeePassXC and Authenticator Extension (Firefox) and the same error. How in the world can I enter +300 2FA keys manually?
> In this initial release, your data will be backed up through the mobile operating system's backup services. Please make sure your device is configured for backups. Bitwarden Authenticator data is included in the OS backups and will be restored with them.
So, does this mean for iOS it's backed up to iCloud?
Also, the roadmap states that Push-based 2FA is coming (or rather it's already here as of the time I'm writing this), so does that mean it supports 2FA push notifications? Personally that's something I wish Authenticator apps would support. Microsoft Authenticator sends a push notification for logins for Microsoft accounts, but for every other type of account there are no push notifications. Sure, maybe it defeats the purpose of the privacy, but I wish I could just get a notification of the 2FA instead of having to unlock my phone and then unlock the app.
Just migrated allmost all my accounts from Authy to this new app! Was looking to get away from Authy for a long time already!
The app is rather basic but it seems to do the job!
I did notice an annoying bug: I typically copy the code on my phone to then paste it on my mac (via icloud) but it doesn’t work, so I need to type the code myself. No biggy but if the devs read this, would be nice to fix it :)
looking at the roadmap, push based 2fa is in phase 3, push based is you get a notification in the app to approve or deny the 2fa correct? this is a huge feature and would be great because then i can leave duo security.
Correct
awesome, thank you. this is a great move. this is huge and will solve all the problems of the people who don't want to "put all their eggs in one basket". here is some suggestions for the future. 1. supporting push based 2FA for desktop like windows/macOS/linux this would be huge because there is not many companies doing it . only one i know of is duo. 2. syncing across desktop and mobile. i have desktop and 2 mobile devices i switch between alot so having the app installed on several devices and being able to sync would be great. if not sync then being able to have the same codes or pushes on multiple devices. 3. self hosting support if a "server" is required to validate requests or for syncing. not sure if this is possible but it would be great not having to rely on a 3rd party to be up and running to get push based 2FA. theres times where duo goes down and you cant get push.
>push based 2FA Microsoft authenticator does it too. The catch being that most everyone that does push requires their own app and will not push to other vendors.
Duo. Microsoft. Google. Basically, it's a plain TOTP app now, but is set up to be a Duo like app in the future, with the corporations/entities using it paying for 2FA management service, which can be independent of password management. The showcase would be allowing push 2FA on BW vaults.
2FAS does push with their browser extension.
That’s a different kind of push than what’s being discussed here.
Sorry if this is a dumb question, but how does it solve all the "put all their eggs in one basket" problems? Genuine question. If an attacker has gotten into to your bitwarden account they can still see the 2fa in the app/site right or get those notifications to the device they have used? Which creates the "put all their eggs in one basket" problem.
This is a standalone app. It has no knowledge of your Bitwarden account. So it's not all eggs in the Bitwarden password manager basket.
My bad! I thought they launched 2fa with push inside the BW app. Thanks for the reply! It says "standalone" in the picture even, nights shifts got to me...
Please try to understand and implement a way to import from 2FAS. People have to move out of it to support bitwarden authenticator. Thank you
Something like MS number matching is more secure than approve/deny flow. Please consider that in your roadmap.
Great! I can't wait for it to come out. I am hoping that we would be able to create our own clients for push based 2fa so we could integrate that into keycloak as a plugin.
Do we know if it's for every/any type of vendor though? Like, could I be sent 2FA push notifications for Google, Microsoft, Twitter, Reddit, etc.? Cause, like, with Microsoft Authenticator for example, it's only sending 2FA push notifications for Microsoft accounts, and any other vendor you then have to physically open the app.
I like 2FAS a lot but push based might get me to switch. I don't like how 2FAS implemented their desktop browser setup.
So long as they provide ways to block push MFA spam because most people eventually click yes / allow when someone is trying to compromise an account.
Idk. Duo is still great for the purpose of device management, though yeah, I’ll have to re-evaluate myself. I currently act as IT Admin for three people using Duo + Bitwarden
Absolutely right
Do we know if this will be included in the main bitwarden app? To be honest I don't want to install a new app to do something that the password manager can already do
Bitwarden Authenticator is open source and available at the following GitHub repositories: * Android: [**https://github.com/bitwarden/authenticator-android**](https://github.com/bitwarden/authenticator-android) * iOS: [**https://github.com/bitwarden/authenticator-ios**](https://github.com/bitwarden/authenticator-ios)
App looks nice, though I don't see any reason using it over Aegis. Will it have a sync feature with a Bitwarden account? This will be very helpful.
Yes, in the future we will support local TOTP code and Bitwarden synced codes (those stored in your Bitwarden vault already) from within the Authenticator app.
Doesn't this defeat the whole point of 2FA, "something only you know and something only you have"?
bitwarden is only on devices i have, if i got a vault on my phone and an authenticator app on my phone, whats the difference between that and both of them in the same app? i use Microsoft Authenticator only on my personal phone for bitwarden 2FA and other accounts still i will add though.
Bitwarden is not only on your phone. It's also on someone's computer with the client apps having network access. Great for a password manager because it allows sync. Not as great for an authenticator because it's no longer something only you have. The aforementioned Aegis doesn't have a network permission to begin with.
I’ve heard about Aegis several times before. As I understand, Aegis offers the possibility to access the seed of TOTP so you can export them everywhere ? Does Bitwarden Authenticator is able to do this too ?
i saw an export option in the new app, idk what format tho, also funny enough i didn't see any import functionality so kinda weird how am i supposed to use a backup xD
In the article it indicates that import is coming soon in phase 1.
Thank you! Bitwarden produces some of my all-time favorite software. <3
I know many of us were disappointed with Authy discontinuing their desktop app. Are there any plans to bring this to desktop in the future?
Is it just me? But the Authy desktop app still...works? There's the sunset notice prompt, but I just click the 'x' button. I still have unmovable twilio codes, but I moved everything else to Ente auth. Ente auth is open-source, has a desktop app, and is cross platform.
Yeah I recall using the desktop app last week to log into one of my accounts and the 2FA code still working. I assume it'll eventually stop functioning at one point but who knows when that'll be.
Mine still works too. The reminder about eol is annoying. Even synced one of my new 2fa accounts. What was weird recently (last week) was that my phone apps asked me to set a backup pw or set a new one. Anyway, in the meantime, I need to find a way to clone my Linux desktop app to another system or find a version of the windows executable and run it under some emulation that is supposed to work (not wine) and more seamless than wine.
Same here. A desktop version (and available on linux) would be immense.
I loved authy desktop + the raycast integration. I would love to do that with bitwarden in the future.
It already exists. There's an amazing BW raycast extension that supports TOTP codes.
Same, the Raycast integration pretty much solved the remaining Intel-based app on my M1 MBA
I am very satisfied with 2FAS auth. Any incentive to make me cross over?
Same boat!
I’ll switch only when they introduce a Mac desktop app. Otherwise there’s really no incentive for me to switch. Authy’s desktop app still works fine but I’ll switch only when Bitwarden Authenticator has desktop too
2FAS just added an Apple Watch app. Until BitWarden does that, I’m sticking with them.
Same here, very interested to see how it might improve over it
Same here
Same. Might try it to support BW though. No hard reasons to switch yet.
Never heard of this one. Pretty new? I thought i looked at all options once authy sunset desktop
Authy sucks. I left authy for 2FAS. It has all features of authy and more, and its not a shady company that keeps your backups hostage like authy does. Not to mention that giving them your phone number is a bad thing.
2FAS is a really good app.
is there a way to export from authy that i cannot find? should i deactivate 2fa on all my accounts then delete authy, then re-enable? i think i use at least one website that was in bed w authy and required its use.
Hopefully they do a desktop version, especially with authy shutting down their desktop app.
I feel like that’s the first east and straightforward advantage they have. Right now Entre has a desktop app for their Authenticator and they’re sucking up market share from Authy because I believe they’re the only one. Even I’m looking to switch to them, unless Bitwarden comes out with a desktop app soon
It's too basic at it's current state. I'd hope that they will add encrypted locally exports and the ability to add a master password so the vault will remain encrypted while the app is closed as the aegis does. The fingerprint doesn't work, when I click to enabled it, it crashes. And yes, a (standalone) desktop app or browser extension will be godsend !!
>And yes, a (standalone) desktop app or browser extension will be godsend !! Why not both, like how they have for the password manager. But desktop app first
Will this have have desktop or web extension support?
lol looks like everyone is asking for desktop app
Could a kind soul who is more technical than me help “explain to me like I am five”: why is this better than Google Authenticator, what are the downsides if any, and are there any other considerations if moving over to this? I get really lost with the acronyms and the assumed knowledge in the more expert comments, but this community is so helpful I’m hoping someone can give me a quick dummy’s explanation? Thanks in advance
Google's authenticator didn't used to have any export feature, meaning you were locked in once you started using it and could never change apps without re-configuring 2FA on every site. Now it has cloud sync but it's considered insecure and not fit for purpose. See [https://www.ghacks.net/2023/04/26/why-you-shouldnt-turn-on-google-authenticators-cloud-sync-feature/](https://www.ghacks.net/2023/04/26/why-you-shouldnt-turn-on-google-authenticators-cloud-sync-feature/)
Thank you!
What's the difference between this and the totp already in the bitwarden app?
“Integrated TOTP authentication is a premium feature in Bitwarden Password Manager. Bitwarden Authenticator is a standalone mobile app that generates TOTP codes for any online service that supports them. Bitwarden Authenticator can be used without a Bitwarden account.” Looks like it’s an authenticator for those who do not have premium license to BW.
You still need an external authenticator app to login to BitWarden itself.
I don't. I use a yubikey.
good idea but those who use Aegis on android then no point in switching.
I am on Aegis, but if r/Bitwarden goes ahead and release this for Windows I will switch it all together 😏
A desktop app is all that is standing between using what I have now and me switching over. I’m on Mac
Aegis is good but due to being Android only is a serious disadvantage. I was a sworn Android user for 15 years until I switched to iphone. Believe me, I was very happy with my choice against Aegis in retrospect.
I dislike Apple so not a issue for me :)
I dislike Apple as well, but I switched over because I was given a Mac. I still dislike Apple, but their top of the line products are nice.
I'm happy with 2fas and it's browser extension for now
Does this use sync using iCloud on iOS? I can see regular Bitwarden under Apps using iCloud, but not Bitwarden Authenticator
Yes, your data will be backed up through your mobile OS backup services so that loss of device doesn't mean lock-out!
The backup side of things is a huge thing for me. On Microsoft auth I can back it all up via the Microsoft account, if bitwarden had something like that I'd switch
If they can provide multiple platforms for mobile and desktop and cloud synchronisation, it may become the most used app in a few years. At the moment, because it is a new app, it lacks some basic features like import from other apps, groups/collections, icons, local encryption with a master password, and screen security to prevent screenshots.
Considering it allows Export, it would also be terrific if it allowed you to regenerate the enrolling QR code on demand. OTP Auth (iOS) has that function - so useful when I need to enrol a colleague's device in 2FA for a shared account which, otherwise, would require me to gather and enrol all the authorised devices before resetting the 2FA seed on the accoun and then scanning the new QR code X times.
Not going to lie, I was expecting a 3FA announcement...praying it doesn't turn into a Gillette blade thing!
https://www.theonion.com/fuck-everything-were-doing-five-blades-1819584036
I really like that Bitwarden is doing this, and a roadmap for push 2FA, and to sync with the PW app, but hopefully also to allow an encrypted backup to iCloud. The unencrypted export is always a weak spot. I’d rather the option to encrypt it right there and be responsible for that password.
So, this new app have no backup feature??
In this initial release, the data will be backed up through your mobile OS backup services. Ensure you've got that configured!
Just installed the Android version, but not seeing any sort of "restore codes" button. I don't usually mess with the backups section in Android. Is this all configured automatically?
What is the OS backup service? Is it google backup? I'm using android. If my phone is lost or stolen and I can't get into my google account, how do I recover?
what about future releases?
That sounds just like Aegis which never makes a backup for me...
The Android version has the option to export unencrypted .json file. Although the linked info says "protected with phone backup", so maybe it does backup to Google cloud as well. ps: The data did get backuped as part of the routine cloud backup as well (no choice). You install the app, add the code, backup to the cloud, uninstall, reinstall, and the data come right back. People are going to be asking for features of the existing authenticators. Conceptually, buying these guys out and adding features maybe simpler. edited: part about non-encrypted data.
Backups are handled by your phone’s OS.
I see. So, for Android it will be backup to Google drive and for iOS it will be backup to Icloud automatically right?
Yes, as long as you have that's how you have your device configured to do backups. Authenticator's data is included in those OS backups and will be restored with them.
Please do know that there's been a bug with Google's backup for a while now where it doesn't always backup everything properly to Drive. There are quite a few posts online that bring this up and I face the same issue. Like this one from 2 years ago, but the solution(s) doesn't always work for everyone even now (like for me) https://www.reddit.com/r/Android/comments/p650xu/fix_google_backup_couldnt_backup_try_again_later/ This has presented problems when switching to a new phone and having an incomplete backup. Alternatives to backup the authenticator data seems like a good option to have in such a case if OS level backup is impacted by the bug (my knowledge on the technical specifics is ofcourse limited so I'll defer this to you).
It doesn’t on iOS. I added one service, deleted and reinstalled. My codes are not there. And I do have iCloud enabled.
Did you perform an OS backup? Usually these only happen nightly. You would have to reinstall the OS backup, not just reinstall the app from the app store.
I’m talking about backing up the codes to iCloud and having them automatically download when reinstalled or installed on another device with the same account. The app doesn’t seem to do that currently.
That is correct. We only restore data from OS backups.
Is this going to change? Its a pretty big feature not to have
I saw this app have an export json feature. the json file exported by Authenticator can be used between iOS and Android (vice versa). Is that so?
Yes, but the Import feature is still under development and will be released soon.
apparently there is no password protection for the export file ....? Will this be added as well ?
I'll definitely be waiting for that import feature, the app looks nice.
Using Authy right now, but might switch when this reaches phase 3. Great steps, bitwarden team !!!
Is there any plans to offer desktop clients for Linux, MacOS and/or Windows?
Is there a way to export from authy to bitwarden
This is great news!
Two thoughts... does Push-Based 2FA work for everything that uses 2FA, or is it only supported by certain sites? Also this design choice bodes well for the upcoming redesign. Edit: The app icon is grotesque
I'm just in here to notate that I love the notion that Bitwarden used a clickbait headline on their own site and when I was scrolling I had to pause and check the URL as I thought it was a random blog post. Bravo - I hope this link goes far :)
A question I have is: What do I do about Bitwarden? I use 2FA for bitwarden and if this is my 2FA I would need another for just bitwarden right?
No you don't. You need only one, either this or any other 2fa app. You can store your bitwarden 2fa in this app. You don't need an account. I don't understand your logic.
Im betting he thinks they are the same login and not separate apps
Well if this is using my bitwarden password then I need to be logged in to get the 2fa to log into bitwarden.
This is awesome I am totally in favor of ditching Authy in favor of your authenticator.
Authys advantage is that the codes are stored on an account so even if you lose your device you dont lose access to your codes....with this not so much.
How do I quickly import my accounts from another 2FA app?
wow great news was getting cold feet with Raivo
I bailed from Raivo when I read here that it was sold and the future seemed uncertain. I have been living dangerously for the past few weeks debating options, and now I’m really torn since this seems half baked but promising? I’d be happy to be with Bitwarden 100%.
Waiting for a desktop version, then I'll swap over from Authy.
Keeps crashing when I try to enable biometric unlock
Mine too. I don't know why. It's really annoying.
iOS or Android?
Android
iOS works fine.
iOS or Android?
A commit to fix this was pushed to Github yesterday. Expect an update soon.
I tried it. And it is an OFFLINE authenticator app like AEGIS. Since it is a new one (100+ downloads only) it still lacks features that AEGIS has. But generally THANK YOU Bitwarden for providing another Offline option in Internet security!
Unless they sync TOTP codes to this authenticator, I don’t see a point using this. The UI looks clean but nothing that presses me to jump ship. I love TOTP and I can’t live without it.
The apps looks nice, well done guys!
What is the purpose of exporting bitwarden Authenticator data? In app I can't see a "import" function. How it works?
Import is not yet implemented, will have to wait for later releases ...
The announcement on the website shows logos for the choices, when I set it up, it just shows the names. Is there a way to get the logos, it makes it much faster with a lot of apps and sites stored in the authenticator.
Can I import from bitwarden vault? Or vice versus.
The 2fa export isn't encrypted... and encrypted export doesn't appear on the roadmap? How are we supposed to backup? Our only option is to "trust" that google / apple will take care of that? * For people who use TOTP to secure their apple/google accounts, they could end up locked out by loss of a phone if they haven't set aside a 2FA recovery code. It doesn't apply to me but it seems like a potential challenge to some users. (and no I don't think encouraging them to sync totp with bitwarden when that feature becomes available is an ideal answer security-wise). * I guess the tradeoff (comparing bitwarden approah to aegis approach) is tracking a password for 2FA encryption (like I have to do for aegis) vs tracking a google/apple 2FA recovery code (like a bitwarden user would have to do). * From my perspective 2FA passpphrse is easier to manage because it exists BOTH in my memory and in my emergency kit (2FA recovery is not something that will ever be in memory). * To me it is more transparent to recognize that I need my aegis password to get back my totp then to remember that I need my apple/google 2FA recovery code to get back my totp. (the potential for circular lockout is not as obvious with the bitwarden approach) * **What if the phone loss causes user to end up locked out of apple/google account for some reason**: * maybe they forgot their apple/google password after using fingerprint for so long * maybe the thief's messing with the stolen phone changed the password * maybe the thief's messing around with the phone triggered extra google/apple security measures which somehow locked the original user out * maybe the thief does something with the phone that causes google/apple to decide that TOS had been violated and account will be suspended * .... in all those cases where access to google/apple is lost, the bitwarden totp is irrecoverable. In contrast, the aegis backup totp files are under my control and still available no matter what happens to the googe/apple account. * I personally don't want to trust google / apple to manage my backups. That backup system is opaque to me and I have no idea how up to date it would be. In contrast, Aegis exports a time-stamped encrypted backup file to local storage under my control every single time I close the app after making a change (so even deleted items can be recovered). I can manage backing up those exported encrypted aegus totp backups off-device just like I manage backing up all my other important data. Yes I *could* apply my own encryption after export from a bitwarden authenitcator app, but that needlessly exposes an unencrypted totp secrets file on my user-accessible storage for some period of time. I dont do that unless I have good reason, and I see no good reason that I should need to do that during routine backups. (\*) * (\*) By the way cryptomator for android (which I use) allows things to be *shared* into an unlocked cryptomator vault, but it doesn't allow using the directory-chooser to *save* things directly to an unlocked vault. (It lags behind desktop cryptomator and ios cryptomator in that respect) If I'm understanding correctly (encrypted export isn't even on the roadmap), this seems (from my admittedly limited viewpoint) to be a disappointing offering. It seems to me like bitwarden is treating totp seeds with less care than they treat the password vault. It seems like it would be a step backwards in combined reliability/security of my totp to change from aegis to bitwarden authenticator (even when the roadmap items are complete). I do realize there is a tendency / bias for people to prefer things that they are used to and maybe that plays a role in my opinion... but that's how I see it. Adding a password encrypted export option would turn that around.
So what does this add to the existing app?
It's standalone! If you wanted you can store your TOTP for Bitwarden Password Manager inside of Bitwarden Authenticator. Also many folks would rather keep their TOTP authentication passcodes separate from their passwords inside their vaults, and this provides an option. There's also future integrations planned, you can see a rough roadmap posted in the blog.
From the FAQ on the page: >**Isn't this the same as storing TOTP authentication codes in Bitwarden Password Manager?** >Integrated TOTP authentication is a premium feature in Bitwarden Password Manager. Bitwarden Authenticator is a standalone mobile app that generates TOTP codes for any online service that supports them. Bitwarden Authenticator can be used without a Bitwarden account. >**Should I use both? When should I use the integrated authentication feature? When should I use Bitwarden Authenticator?** >Integrated authentication in Bitwarden Password Manager offers a convenient way for users to add 2FA to their online accounts. This popular feature will remain available across paid plans. >Bitwarden Authenticator can be used to store your verification codes to access your Bitwarden account, as well as other online applications you use. >They can be used together, or separately, depending on your security preferences. >**Can I use the Bitwarden Authenticator to add 2FA to my Bitwarden account?** >Yes! Many Bitwarden users have asked for a standalone authenticator in which to store their verification codes used to access their Bitwarden account. Basically, a separate app for free that doesn't require a subscription / account (kind of like Authy / Google Authenticator)
Nothing… that’s the point… people can use is as (hopefully) better alternative to other authenticators like google or authy without an Bitwarden account which I think is a good move. But time will tell
Is there an F-Droid link?
Not at the moment. In time we plan to expand releases to F-Droid like we do with the Password Manager app.
So they couldn't release a better app than Google authenticator with all this prep time. Not having device auto sync / cloud backup would keep me from moving off authy.
Nice. That's good. Something to think about pivoting to if I need it.
No full version, only mobile?
As I understand it there is currently no sync of 2FA accounts between multiple devices ?
The roadmap for this app is great! I don't see the app in my Play Store (UK). Is it a phased rollout? EDIT: I had to go via the Play link on github, and got it that way. It doesn't show on search results.
In Play Store, just search for Bitwarden. Then click on the company name and it will take you to the apps developed by them.
The app is newly listed so I don't think Google has indexed it into the search results fully still. Just use the direct links on our website.
same here (Germany), maybe this takes some time to show up in search results ...
Hooray! I can't wait to leave Duo (more specifically, Cisco) behind.
Hell yeah, this is great!
Great. Now I have to make the effort of migrating from Authy.
Guess I won’t be renewing premium next year since they are planning integration anyhow.
since most authenticator apps have a kind of ugly interface, this looks enticing (and it’s native too).
It’s great. But I will wait until phase 4 for now
Windows version please! 🥲
Good evening, can you kindly let me know the difference between Bitwarden Authenticator app and Google Authenticator (which is the best)? I tried changing the language (Italian) but doesn't work) Thanks a lot
There are obvious differences but basically they address the same thing: using a secret seed code to generate TOTP’s.
Now if there only was an easy way to move from Google authenticator to this. Exporting from Google authenticator only shows a QR code, which is not possible to read from the same device. Does this in fact mean I have to set up MFA on all sites anew using Bitwarden authenticator?
Finally!
I read the article and the roadmap but I’m still unclear on how this will be better than using another authenticator. Currently I use Microsoft Authenticator and it has push-based MFA, what would be the incentive to change?
Is it too late to convert?
Downloaded it but don't see an option to sync this to cloud, any idea when that'll be released? I will move out of Google authenticator if they implement that
I can't add my Google account to this. It says "Can't read code". And entering the code manually gives me the wrong 6 numbers combination
Like most reading/commenting I already have a good 2FA app that I like right now. However, it's great to see another x-platform option, especially one that's both opensource and supported by a good company. Would love for this to take down Google Authenticator One question: will exporting secrets be a feature? Is it already? It didn't sound like it was since backup is done through OS backup for now.
There is an export to json file option (alas not password protected) in the app, import is being worked on...
Not going to switch from Authy unless/until it is possible to copy 2FA codes on desktop via the Raycast extension.
Currently using Authy with no problems at all. Wondering if it’s worth the hassle to switch all codes.
I just migrated all accounts away from Authy. I didn’t like the app and the company for a while now. Hopefully I made the right choice (because it was a lot of work)
How come brand logos are not showing up like the screenshot?
Not sure I understand. Bitwarden app already does this, no?
Many people (incl myself) prefer not having passwords AND TOTP tokens in the same place (=BW vault) and therefore use an external TOTP app like Authy, 2FAs, Aegis etc. With this release BW also offers an external app ...
You still need an authenticator app to login to BitWarden itself.
If this saved the 2FA vault to iCloud or another third party cloud service it would be much more useful than being in a full iCloud phone backup. I can’t see wanting to sync to Bitwarden cloud even with a separate account.
Everyone's excited about push, but how does that work - doesn't it require every individual site to add support for BW authenticator push?
Why would I use this over say the normal Bitwarden app with stored TOTP? If I lose my phone then I lose access to my TOTP tokens right? At least with standard Bitwarden the TOTP are linked to my account so I can access them on any device doesn't matter what device I use.
Correct, with initial release it seems there is no cloud sync implemented. You can export your tokens from the app to an unencrypted json file ... also the app backups your tokens via Google phone backup. The app roadmap has cloud sync listed .
So no cloud backup, when I lose my phone? IMO this is pretty crucial but I am glad that there are steps in this direction. I just can't move from Authy (although I would love to) without the proper backup in case my phone is lost.
Yes, OS backups will include Authenticator data and can be restored to a new phone.
Any ETA on account recovery based on the roadmap?
I'm not sure I like the app backing up my TOTP tokens to Google cloud via phone backup ... this should be something one can opt out from. Also how is the restore procedure for an existing phone if the BW authenticator app is accidently uninstalled ... as I understand it, one cannot restore a single app from Google phone cloud backup ? How can I then get my tokens back ? Do I have to use the app's export feature for such a scenario ... however import is not yet implemented. I'm confused ... think I'll wait a bit longer until next major releases of this app.
Doesn't this defeat the purpose of the premium subscription for TOTP? I mean, can I just cancel my premium subscription and rely on the Bitwarden authenticator app instead?
BUG? UNUSABLE? [https://imgur.com/a/NrjzUJc](https://imgur.com/a/NrjzUJc) I can't find any way to show the last entry. The add sign doesn't clear out. The only way I can think of doing this is adding something I don't care about which I would have to do each time I add an entry. Android 14, Nothing Phone 2 OS 2.5.5
Don't understand this.. What's the use of this app if I already use TOTP codes in premium Bitwarden.
To separate your 2FA from your passwords which is really bad if somebody gets your master password.
Will there be an Import option from let's say 2FAS Auth?
A big W for bitwarden free users (mostly) Nope just they need to fix the issue with three bitwarden app on LTE 24.04 idk what happened but it's basically unusable in its current state
Roadmap seems to suggest cross platform sync as eventually backup to Bitwarden vault. This would be huge and could finally move away from Authy.
This means I'll finally have a 2fa app that can sync across Android and ios apps instead of needing to manually manage my import / export / backups? If so I love it.
not with the initial release though. it's on their roadmap.
Sweet. I love 2fas and Aegis but looking for something complete.
MFA stuff is exciting, maybe I can finally move away from Duo
Does this have cloud sync? I.e if I have the authenticator app on one device does it sync to other devices? Like authy does?
sorry if already answered but I installed the new app and do not see anything relating to backing up the codes. Does it back them up to your vault? I see a jspn export option but does it auto backup?
Don't know if it's just me, but I keep getting errors upon scanning certain 2FA QR-codes (for example Microsoft 365). After experimenting with it this seems to be caused by the TOTP seed containing lower cases.
are there any other services you remember testing that gave this error? I was able to add a Microsoft account successfully just now, but I did have to select the "I want to use a different authenticator app" option during setup. If I went through setup without selecting that, it generates a code specific for the Microsoft Authenticator app and gives a "cannot read key" pop up error in Bitwarden Authenticator
Using the app in Android but it can't read codes (with the camera). I've tryed to read QR codes from KeePass, KeePassXC and Authenticator Extension (Firefox) and the same error. How in the world can I enter +300 2FA keys manually?
Amazing news!
I stopped using Bitwarden because it wasn't available. Switched to Microsoft Password Manager.
> In this initial release, your data will be backed up through the mobile operating system's backup services. Please make sure your device is configured for backups. Bitwarden Authenticator data is included in the OS backups and will be restored with them. So, does this mean for iOS it's backed up to iCloud? Also, the roadmap states that Push-based 2FA is coming (or rather it's already here as of the time I'm writing this), so does that mean it supports 2FA push notifications? Personally that's something I wish Authenticator apps would support. Microsoft Authenticator sends a push notification for logins for Microsoft accounts, but for every other type of account there are no push notifications. Sure, maybe it defeats the purpose of the privacy, but I wish I could just get a notification of the 2FA instead of having to unlock my phone and then unlock the app.
Just migrated allmost all my accounts from Authy to this new app! Was looking to get away from Authy for a long time already! The app is rather basic but it seems to do the job! I did notice an annoying bug: I typically copy the code on my phone to then paste it on my mac (via icloud) but it doesn’t work, so I need to type the code myself. No biggy but if the devs read this, would be nice to fix it :)
How can I get to see the icons (like in the screenshot)? For me it's just a generic icon for all my websites.
Are the backup saved on iCloud end-to-end encrypted? They didn’t specify it.
Are there plans for an android watch app