Bitwarden

1106 readers

1 users here now

Discuss the Paswordmanager Bitwarden.

founded 2 years ago

MODERATORS

wuffa@discuss.tchncs.de

E-Mail codes (feddit.org)

submitted 11 months ago* (last edited 11 months ago) by federalreverse@feddit.org to c/bitwarden@discuss.tchncs.de

12 comments fedilink hide all child comments

Randomly, some websites seem to have a lot of fun breaking password managers. One inconvenience is sites now often asking for user name and password separately.

Another inconvenience is sites that use six-digit emailed codes instead of passwords. Which is just massively inconvenient because not only do I need to have an email program at the computer I am at, I also need to switch back and forth and copy-paste stuff.

Is there any password manager that works with those? Is there a way to get these codes working with Bitwarden even?

top 12 comments

sorted by: hot top controversial new old

[–] Fiivemacs@lemmy.ca 8 points 11 months ago (2 children)

I'm fighting with my bank on the 2fa issue right now. They demand we use sms and turn notifications for the bank on in our phones..like no, I won't grant you this access to my phone. I refuse solicitations in any form

[–] Electricblush@lemmy.world 5 points 11 months ago (1 children)

Also SMS is extremely insecure, and relatively easy to spoof/steal.

[–] Fiivemacs@lemmy.ca 1 points 11 months ago* (last edited 11 months ago) (1 children)

I have 'passwords' should anyone try to request sim swapping, like you can't port my number without authorization, apparently. But I'm still skeptical. I doubt anything would ever happen but I'd rather be safe then sorry.

[–] Electricblush@lemmy.world 1 points 11 months ago* (last edited 11 months ago)

There are more sinister ways to do this then sim swapping.

There is too little control over nodes in modern cell networks.

Check out https://www.uniladtech.com/social-media/youtuber-hacks-phone-expose-flaw-system-168221-20240925

[–] eager_eagle@lemmy.world 2 points 11 months ago (1 children)

that would be an immediate account closure from me

[–] Fiivemacs@lemmy.ca 2 points 11 months ago

There's not really any other options. The other options offer no real in person accountability and I don't like that.

[–] lordnikon@lemmy.world 5 points 11 months ago* (last edited 11 months ago) (2 children)

Where this comes from is not about inconveniencing you. It's becase the site you are visiting doesn't want to store your password. It's called zero trust architecture and unfortunately the way it's setup they can't give you a code into your password manager becase it's not like 2fa it's a session specific not time specific. So they have to send you their code when you start the session.

[–] Electricblush@lemmy.world 3 points 11 months ago* (last edited 11 months ago) (1 children)

This. It is inconvenient, but it does help with the issue that systems constantly get compromised and credentials stolen.

I wish companies would support more user friendly technology like ubikey or similar instead...

[–] federalreverse@feddit.org 2 points 11 months ago (1 children)

Hahaha dear l*rd. Switching back from Linux to Windows made my Yubikey such a pita. Instead of just tapping it to log in, I now need three clicks and type a four-character PIN that Windows forced upon me.

[–] lordnikon@lemmy.world 3 points 11 months ago

It's cause windows wants to take a picture of you to login for .... Reasons

[–] federalreverse@feddit.org 1 points 11 months ago* (last edited 11 months ago) (1 children)

In theory, it's not impossible to have IMAP in a browser add-on. So why is there not some kind add-on to suss out the codes from these mails and make them pasteable..? This could include integration with throwaway mail accounts too, so I wouldn't get this PIN code spam in my main mail account.

[–] lordnikon@lemmy.world 2 points 11 months ago* (last edited 11 months ago)

Yeah that's a good idea right now I used a catch all on my domain for those logins so it's already separated out. I don't knowing how I feel about getting my mail account to bitwarden if I didn't do that. The other issue you run into is there no standard for those email messages. So the plugin would need to process the message to find the code.