kwelzel

joined 1 year ago
[–] kwelzel@feddit.de 4 points 1 year ago* (last edited 1 year ago)

Yeah, pretty happy user here overall. I like the email web interface with its different tabs for "General", "Shopping", "Networks", etc., spam filter is reliable, ... It works.

The only thing that annoys me a little is that they got me with their 1€/month offer with custom domain support and now for the new tiers custom domains are only supported in the 3€/month "standard" tier.

[–] kwelzel@feddit.de 3 points 1 year ago

One thing I was always wondering about the OTP feature: If OTPs are used for two-factor authentication but both your password and the OTP can be accessed through Bitwarden, aren't you effectively sidestepping the two-factor part? I mean if I have the OTPs only on my phone then I need to know the Bitwarden master password and I need to have my phone in order to log in. On the other hand if both are in the Bitwarden vault, I only need to know the Bitwarden password. So effectively two-factor becomes one-factor authentication.

Maybe the relevant scenario here is your credentials for some website getting leaked. With OTPs inside Bitwarden any attacker would still not be able to log in as long as they don't know your master password, giving you plenty of time to change your password. Although, if the attacker already found a way to access confidential website logins, they can probably access all kinds of other confidential data related to this account without even logging in as you.