• twistedtxb@lemmy.ca
    link
    fedilink
    English
    arrow-up
    82
    ·
    1 year ago

    When LastPass got hacked I switched to bitwarden and never looked back. Simple and effective interface, works on all platforms, I love it!

    • ijeff@lemdro.idOPM
      link
      fedilink
      English
      arrow-up
      18
      ·
      1 year ago

      It’s awesome. After using it free for years, I recently became a paid subscriber as a show of support.

      • ikidd@lemmy.world
        link
        fedilink
        English
        arrow-up
        14
        ·
        1 year ago

        $10/yr is not a big price for what you get. I don’t think I even use the extra features you get with the subscription, but supporting the maintenance and development of a product I would like to use for years to come is important.

        • ijeff@lemdro.idOPM
          link
          fedilink
          English
          arrow-up
          10
          ·
          1 year ago

          Agreed. I like that the free version works well. The lack of pressure or nagging toward paying is what gets me to want to pay. I usually avoid subscriptions.

          • ikidd@lemmy.world
            link
            fedilink
            English
            arrow-up
            5
            ·
            1 year ago

            I usually self host but the fact that the option is there and I can use it any time in the future is the main reason i use BW and kick them a bit of money. And not bring nagged or forced to subscribe is a major factor for me as well.

      • TheMadnessKing@lemdro.id
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Honestly, I have been thinking of doing the same. I really don’t require any of their premium features and am getting it to show my support.

        $10/yr is dirt cheap for something so important in our online life.

  • Kaldo@kbin.social
    link
    fedilink
    arrow-up
    26
    ·
    1 year ago

    That’s pretty good, I still wonder how long will it take for companies to actually implement them in practice though. Steam still uses its frustrating steamguard instead of just letting us use any generic 2FA provider like aegis for example, I doubt they’ll implement this any time soon.

  • smileyhead@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    20
    ·
    edit-2
    1 year ago

    How is Bitwarden having all the actually needed things for free, still developing, be most open and community-friendly of cloud-synced managers, allow self-hosting everything for free and still cost just 10$/year for managed premium???

    I bought premium just for the 2FA codes support and recently they announces btw it is free now. Like, buying premium for me now would be like donating, they give me anything I want anyway.

    • SirEDCaLot@lemmy.today
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      Their service is probably set up so the per-user overhead is low.
      Think about it- what does your ‘using it’ actually consume? a few hundred KB of disk space and a little bandwidth?

      I agree it’s a great value though. Signed up a few weeks ago and haven’t looked back.

    • ijeff@lemdro.idOPM
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      I’d imagine their business and enterprise service is what currently or will pay the bills for them. Either way, I love their approach and the fact that it’s open source.

  • Heavybell@lemmy.world
    link
    fedilink
    English
    arrow-up
    17
    ·
    1 year ago

    I am still a little unclear on what this means. Isn’t the idea of passkeys that they’re stored on your PC’s TPM? What does Bitwarden “supporting passkeys” mean in that case? Are they not stored on the device if you use Bitwarden?

      • Heavybell@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        So it’s just one half of a key pair stored in Bitwarden, then? And you authenticate to Bitwarden as usual?

        • Mars@lemmy.ca
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Well, it’s a full keypair being stored: Authenticators like Bitwarden need to first provide the public key to the relying party (RP) so the RP can issue the encrypted auth challenge. The challenge then is handed back to the authenticator, user verification happens, then the challenge is signed by the private key and sent back to the RP for verification to complete the auth ceremony.

    • ikidd@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      1 year ago

      They’ll probably interface the key exchange from TPM, pulling and storing keys as needed from the TPM to applications you use BW with.

      • SirEDCaLot@lemmy.today
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        No, TPM isn’t involved here. There’s a few kinds of passkeys.

        Hardware bound keys are locked up in a physical device like a TPM or a YubiKey. That physical device has its own security to unlock it- TPMs often work with fingerprints, or a YubiKey usually has a PIN (aka password).

        A passkey can also be done in software, and that’s what’s happening here. BitWarden stores the encryption key within the BitWarden vault, so it can (eventually) be accessed by any device signed into your BitWarden account. Thus the same passkey works on your computer, laptop, phone, tablet, etc.

        It’s worth noting that Google and Apple both do it this way- the passkey is stored in their password manager, and you use Face ID or fingerprint ID to unlock that.

    • node815@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I like to think of it this way in my little bubble. :) I have a Yubkey 5 with NFC. I use passkeylogin into Authentik so all I have to do is plug in my key, unlock it with my master password for the key and touch the disk and I’m logged into my site. If I view the contents of my key with the ykman software, then I can see that I have two logins, one for mobile and one for my site. Each has is different so it knows which one is mobile and which is desktop.

      The same principle may apply with the PC’s TPM. Your credentials may apply the same way there. I’m not 100% familiar with the TPM process but think as long as it works with Fido2 , you should be fine.

  • indigomirage@lemmy.ca
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    Have been looking forward to seeing your they implement this. Once it gels a bit I’ll likely dive in.

  • 4am@lemm.ee
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Is this “webauthn” that Proxmox recently added support for?

  • AndyG@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    How does this work when I want to log in from a device that doesn’t have bitwarden, for example my android phone (for now at least) or my TV or otherwise? Can you manually type in a passkey?

  • coyotino [he/him]@beehaw.org
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Am I missing something? Bitwarden already has support for authentication via biometrics or Windows Hello. How is this different from that?

    • janguv@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      My naive understanding would be: a passkey replaces a password for an individual login; a biometric authentication replaces a password for the vault that stores individual login passwords.

      • coyotino [he/him]@beehaw.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        so basically: right now, I have a master password, and I can set up Bitwarden to bypass the master password with biometrics. With passkey set up, I will no longer have a master password, and biometric will be the only login method?

        • smileyhead@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          It is not about logging in to BitWarden via PassKey, but logging in via BitWarden to other services.

          Confusing, but what it means is you not storing password in a manager, but a cryptographic private key.

    • TGames@beehaw.org
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      With Passkeys you are creating a encryption key pair for use for each service you want to log into as a kind of unquie virtual hardware key that gets stored in a cloud. Acess to that cloud is then contoled by an actual hardware key like the one built into your phone. That means rather than using a hardware key to unlock a vault of passwords which is what you’re doing now, you’re using it to unlock a vault of key pairs.

      The main advantages of this is the services you log into only hold a public key, not a password, but doesn’t have to interact with your hardware key just your passkey provider. Meaning if you need to change your hardware key you only have to change it in one place instead of across everything you login to. That being one of the biggest pain points for getting people using hardware keys even now their built into a lot of platforms.

      The major issue with Passkeys so far has been that it’s been pushed by 3 big single sign on providers, Apple, Google, and Microsoft. And there’s been some worry about being forced to use big corpate closed source providers. But with now with Bitwarden introducing them it’s a big step towards this becoming the future.