Password manager: Bitwarden delivers Authenticator as a standalone app

Bitwarden has developed a standalone authenticator app. Until now, time-based one-time passwords were only available as an additional function for subscribers.

Smartphone with PIN prompt in front of a laptop

(Image: Tero Vesalainen/Shutterstock.com)

This article was originally published in German and has been automatically translated.

The makers of the password manager Bitwarden have so far offered time-based one-time passwords (TOTP) as a Pro function for subscribers. Now a standalone app is being added. It is available free of charge.

Time-based one-time passwords serve as an additional factor in an authentication request. PayPal, for example, offers this to provide additional security for transactions, but various other services also use it to provide better protection against unauthorized log-ins with credentials captured in phishing attacks.

The Bitwarden Authenticator app is simple and easy to use.

(Image: Bitwarden)

There are already several authenticator apps that generate these time-based additional PINs, usually free of charge. The best known is probably Google Authenticator, and Microsoft also offers its own app. However, if you don't want to entrust these companies with your secrets, you can use other services - there are several free alternatives. Thanks to Bitwarden, the choice is now wider.

Bitwarden Authenticator is available for Google's Android in the Play Store, as well as in Apple's App Store for iOS devices. The app is easy to use, as usual: to set up two-factor authentication for an app or website, users go to its 2FA page or dialog and either scan the QR code displayed there or enter the secret - a long string of characters - manually. This is done by tapping the "+" symbol in the app and selecting "Scan a QR code" or "Enter key manually".

A long press on an entry allows you to add usernames or change the algorithm for creating one-time passwords, the refresh period and the number of digits. These are specified by the service or app used and should only be changed if the website requires it or allows such changes, Bitwarden explains in the online help for the new Authenticator app. A quick tap copies the current code to the clipboard so that it can be used quickly and directly on a website or in an app.

Data can be exported in the settings, as a .json or .csv file. Direct import is currently not possible. The encrypted data is backed up by the smartphone's cloud backup system, such as iCloud, the Bitwarden developers explain. To restore the data, it is only necessary to restore the device backup from the cloud. According to Bitwarden's blog entry, users should therefore ensure that the device backup is activated in the operating system.

A roadmap can also be found there: data import is coming soon. Synchronization with the Bitwarden account and the Bitwarden Vault is also planned. Further down the line, push-based 2FA requests and account recovery are on the list. The translations offered in the settings are not yet available; the app currently continues to display English terms. However, this is likely to be improved soon, even without an explicit announcement.

Cyber criminals are also trying to exploit the trend towards better access protection with TOTP. In Apple's App Store and Google's Play Store, for example, IT security researchers have discovered malicious apps that send the scanned QR codes, including the seeds, to servers run by the criminals behind them.

Google explicitly offers cloud synchronization of this data. However, there were problems with the supposed end-to-end encryption: although the connection was TLS-protected, the data inside it went over the line only in Base32 encoding. This enables man-in-the-middle attacks.

(dmk)