Especially for personal accounts.
I get why a corporation would require it for employees…
But I hate it when Apple, Samsung, etc. are forcing you to have 2fa, especially by requiring a phone number.
Side note: Bitwarden will be requiring email verification codes starting in February 2025, for those who haven’t enabled 2fa yet (see my Post in YSK). Most people store their email credentials in their password vault… so a lot of people are gonna get locked out of their Bitwarden vaults. I kinda hate it, especially on such short notice (less than 10 days).
I think it’s great, but only when it’s actual 2FA with a TOTP code. SMS/Email 2FA is annoying to deal with.
I just hate it when the only 2fa option is my phone number.
It should be required everywhere.
Username+password alone is not safe.
But if someone stores all their 2FA in their password vault, wouldn’t that just be 1FA with extra steps?
You don’t have to store 2fa in your password vault, and even then, you can enable 2fa for the vault. It’s just more secure. Be confident that your login info will be leaked sometime, somewhere. With 2fa you’re still safe.
It still protects against sites getting breached and the password leaked which is very common.
Disagree. So much money is lost because of simple password auth. Mandatory mfa fixes nearly all of it.
Absolutely necessary.
* with the right implementation. Phone numbers or security questions suck
Bitwarden will only ask for 2fa when signing in from a new device.
Problem is, I still haven’t received any notice, and I’m assuming nobody received that notice either. Only knew because I happened to see it on the webpage.
Imagine someone with only a phone (most people have their phone as their only device) who then loses their phone, then tries to log in and… “Wtf is this?!?” and their email password is in the vault.
There are probably a lot of people that this scenario will happen to.
They should’ve given at least 3 months of advance notice before implementing this. This is rushed and a lot of people are gonna get locked out. (I know you’re supposed to backup, but like do you think the average person just expects Bitwarden to shut down, or just do a policy change with inadequate notice?)
I hate it. It should be my choice. Not all of my accounts need to be super secure. It sucks enough already when my phone breaks or something; I don’t need to be locked out of everything.
This is something that’s actually scary. Phones are so necessary now that when it breaks you could be digitally stranded, unable to log in to anything.
2FA has backup codes, plus you can keep TOTP on your other devices too.
Phone/SMS 2FA is a joke. You can tell which organizations need to be ditched.
Depending on the implementation, it’s better than nothing
Sure, it’s deeply flawed in a bunch of ways, but it is miles better than nothing.
Phone/SMS 2FA is a joke. You can tell which organizations need to be ditched.
Oh… so you mean like… banks?
🤔
(Guess I gotta find a good mattress to put my money in… 😓 /s)
(Seriously tho, everything like government stuff, taxes, university, everything now requires 2fa, most are sms 2fa 😡, I hate this.)
My small credit union with nine branches offers TOTP 2FA
I despise 2fa. I hate needing my phone within reach at all times, especially considering it’s a device I don’t own, I don’t have root on. There must be a better way.
I dislike it. I already have a unique, long, randomly generated password for every account. That’s stored in a password manager with a unique, long passphrase. 2FA provides very little additional security in that scenario.
Worse, many services won’t let me use a standard TOTP authenticator. Some insist on SMS. Worse, some insist on their own app.
2FA does protect against the password being leaked and used by someone else though.
They’ve been a disaster for the elderly and homeless community. Many of them have no cell phone and only log in once a week, and 2fa makes it pretty much impossible for them.