1. 26

opensource links https://github.com/bitwarden/authenticator-android https://github.com/bitwarden/authenticator-ios

  1.  

    1. 20

      If you’re an Android user, I really like Aegis, which is a very nice, biometrically protected and separate 2FA keeper. It also allows for encrypted backups.

      1. 10

        Bitwarden has worked great for me over the years, but they recently started fucking around with the UI, which I worry is a signal that they are losing it internally. A standalone OTP app kinda sounds like a PM stunt to widen the funnel, because it’s honestly just confusing that their flagship product is a password manager that already has OTP support, but now this too? I don’t WANT to but I am considering giving up and moving to the Apple Passwords app, at least I know it won’t enshittify the way every non-duopoly piece of software seems to.

        1. 7

          If you already use Bitwarden, and weren’t aware, the “regular” apps and browser extensions have this feature as well.

          1. 5

            From the FAQ on that page:

            Integrated TOTP authentication is a premium feature in Bitwarden Password Manager. Bitwarden Authenticator is a free standalone mobile app that generates TOTP codes for any online service that supports them. Bitwarden Authenticator can be used without a Bitwarden account.

            Many Bitwarden users have asked for a standalone authenticator in which to store their verification codes used to access their Bitwarden account.

            1. 3

              FWIW, the premium-ness is on the server-side. So using the same apps with other, BW-compatible servers, you may use TOTP without a premium subscription.

            2. 3

              And that version allows you to export the secret. Don’t really see the use of a separate OTP app when my password manager already handles this cross-devices.

              1. 2

                Two I can see are people forced to use 2FA who still don’t use a password manager in the year of the Lord 2025, though other options obviously exist, and maybe people who explicitly don’t want their 2FA secrets and their passwords in a single place.

            3. 6

              It’s a shame it has no export. A 2FA program with vendor and OS lock-in is not for me. I would like an alternative to Aegis at some point though, because alternatives are good. Hopefully they add an export facility later. You can’t even grab the base32 string out of an individual entry. It’s early days though, I’ll keep an eye on it.

              1. 5

                They have an export feature in the iOS app, it can export to JSON or CSV

                1. [Comment removed by author]

                  1. 1

                    Excellent. I had no way to try this but good to know that the feature is available on that platform.

                  2. 1

                    I’m not sure what you mean? I pay for Bitwarden and the export includes the OTP links.

                    1. 2

                      Bitwarden Authenticator is not the same as the regular Bitwarden app. It’s basically Bitwarden’s version of Google Authenticator or Aegis. Bitwarden Authenticator only supports syncing via iCloud or Google’s sync.

                      You can also store 2FA codes in the regular Bitwarden app, and that has an export feature that doesn’t rely on the OS provider.

                      1. 1

                        Oh I didn’t realize they publish a separate app when it’s built into their password manager already.

                    2. 1

                      I use Ente Auth and I’m really happy with it. It’s also OSS but still has syncing like Authy has. https://ente.io/auth/

                    3. 2

                      Great, but iOS’s Passwords app can generate TOTPs now, and anyway OTPs are on their way to becoming obsolete tech thanks to passkeys. Hopefully soon.

                      1. 4

                        If, like me, you have a mix of iOS, Android (Graphene - primary), Windows, Mac OS and Linux (primary) but need to access your accounts on all of them, Passkeys are in an utterly terrible state. I don’t see that changing, as it seems to be all about vendor lock-in, rather than anything benefitting a user.

                        1. 2

                          Passkeys are in a nascent state as people are trying to figure out the optimal UX. I think within a couple of years we will see a clear trend to do initial set up/sign in to new devices with securely emailed magic links, then set up passkeys for easy subsequent logins. This will make lock-in a moot point–you can’t be locked in to a vendor if you can just log in with a magic link on any new device. And best of all, it will reduce to the point of nearly eliminating phishing attacks. That will be the key benefit for everyday regular users.

                      2. 1

                        Seems like a nice upgrade over Authy, although I don’t think Authy has an export path (arguably a positive for security but certainly helps with customer retention!) so now I have to decide whether I want to go through the pain of invalidating/regenerating all 2FA codes.

                        Although since I already use Bitwarden for passwords, maybe it’s good to use a separate vendor for my second factor.

                        1. 2

                          I used Authy because they had a desktop app, but when they scrapped that I moved to Ente Auth as a complement to my Yubikey. I use Bitwarden for managing passwords and other stuff, but I would not like to keep my first and second factor at the same vendor.

                          1. 1

                            Authy does have a nice backup/restore method that is secure against SIM swap attacks (requires you to input a password to decrypt the backup blob with absolutely no recourse if you lose the password) so that is also nice.