Bitwarden has expanded its product suite with the introduction of Bitwarden Authenticator, a new app designed to generate and manage time-based one-time passwords (TOTPs).
TOTP-based authentication operates by generating a temporary code that changes at a set time interval. The user enrolls a device using the app, typically by scanning a QR code, which generates a secret cryptographic key. The app then uses that key to generate new six-digit numerical codes every 30 seconds. The user enters these codes on the login screen as part of a two-factor authentication (2FA) scheme.
The whole idea of this system is that accounts remain protected even in the case of password theft. In terms of the security benefits compared to other 2FA systems, TOTP codes are a lot harder to intercept than codes sent through email or SMS, and because they are particularly ephemeral, replay attacks aren’t practical.
With the launch of Bitwarden Authenticator, the maker of the popular password management software takes a significant step towards a more dynamic and adaptive authentication ecosystem that complements its portfolio and gives its users more open-source options.
Available on both iOS and Android, Bitwarden Authenticator is designed to strengthen user verification processes by generating TOTP codes, adding an extra layer of security when logging in on services that support this authentication technology.
Unlike the TOTP feature in the Bitwarden Password Manager, which is a premium feature, Bitwarden Authenticator operates independently. It can be utilized by anyone, including those who are not current Bitwarden customers. Users are still free to select if they want to operate Bitwarden Authenticator independently or alongside Bitwarden Password Manager, based on their security needs.
The app supports cloud and mobile across devices, reducing the risk of fraud and data breaches not just for businesses but for individual users at home and on the go. Initial backups are managed through mobile operating system services, ensuring that authenticator data is secure and recoverable.
The current release, which is “phase 1” of the project, offers functionalities for managing local authenticator codes.
Looking forward, Bitwarden plans to incorporate more granular control and policy enforcement around authentication practices, particularly in enterprise settings. Planned enhancements include adding import, account recovery options, vault syncing, and providing businesses with tools for workforce authentication, focusing on compliance with enterprise policies.
For those looking to bolster their online security, Bitwarden Authenticator represents a robust new option in the market. Bitwarden fans or users who prefer using open-source tools are encouraged to evaluate their current setups and consider integrating this new tool to enhance the security of their authentication processes.
Christopher
I’m a fan and a long-time BW user. Not only do I trust this product, I also like the people behind it. These are good guys. Thanks for the post.
User
Thank you so much, Alex, for founding RestorePrivacy. I learnt A LOT from your website.
Alex Lekander
Thank you for reading and commenting 🙂
BITR
That review was like a dance for me, trying to understand the same offering served up two ways being paid/free.
“Unlike the TOTP feature in the Bitwarden Password Manager, which is a premium feature, Bitwarden Authenticator operates independently.”
I understand the motivation by the article’s end, with questions.
Do they share the same features?
Do BPM users pay extra to use BA in the BPM?
I’ve had to install TOTP authenticators for a couple of accounts I have and had to install their suggested ID.me Authenticator for that account.
And
[https://vip.symantec.com] for a bank account.
I had no knowledge about either, or even that some sites allow TOTP authenticators as universal 2FA generators.
That latter mention in the Play Store hasn’t had an update for over a year now.
It seems universal compared to the ID app. But the ‘about app’ might tell why as the features are packed in the VIP.
A year seems long for an app to update when I’ve lost count of the updates the phone took.