Bitwarden Authenticator is a standalone app that is available for everyone, even non-Bitwarden customers.

In its current release, Bitwarden Authenticator generates time-based one-time passwords (TOTP) for users who want to add an extra layer of 2FA security to their logins.

There is a comprehensive roadmap planned with additional functionality.

Available for iOS and Android

  • sugar_in_your_tea@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    16
    ·
    edit-2
    8 months ago

    HOTP is an HMAC-based OTP, whereas TOTP is a time-based OTP. Basically, this is how each works:

    • HOTP - based on a key + a counter, which increments with each code generated
    • TOTP - based on a key + time, so you get a new key every N seconds

    TOTP is quite common and honestly is all I use, whereas HOTP may be more common in certain enterprises. Main criticisms:

    • HOTP - longer time window for a key to be valid for the entire time between logins (i.e. potentially easier to brute force)
    • TOTP - less user-friendly due to the time window; also, you just need a clock, you don’t need to know the counter value (if someone gets the key, they can generate keys whenever)