• @Allero@lemmy.today
      link
      fedilink
      English
      4
      edit-2
      4 months ago

      Yep, and Vaultwarden too!

      Though the most secure practice is to store them separately.

      • @dan@upvote.au
        link
        fedilink
        English
        14 months ago

        The most secure practice for any high-value accounts (email etc) is to use WebAuthn with a hardware key like a Yubikey.

        TOTP is still vulnerable to phishing (a fake login page can ask for both a password and a TOTP code) so business/corporate environments are moving away from them.

        • @Allero@lemmy.today
          link
          fedilink
          English
          14 months ago

          Sure, hardware keys are superior!

          I’m only talking about best practtices when using TOTPs in particular.

    • qaz
      link
      fedilink
      English
      34 months ago

      It is a paid feature though if you don’t selfhost

      • @dan@upvote.au
        link
        fedilink
        English
        3
        edit-2
        4 months ago

        The paid features aren’t free if you self-host either. You still need a premium account to use premium features with a self-hosted Bitwarden, unless you modify the code and remove the licensing checks. Licenses are pretty cheap though.

        The major features are free if you use Vaultwarden, which is an alternative server implementation.