• Allero@lemmy.today
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      3 months ago

      Yep, and Vaultwarden too!

      Though the most secure practice is to store them separately.

      • dan@upvote.au
        link
        fedilink
        English
        arrow-up
        1
        ·
        3 months ago

        The most secure practice for any high-value accounts (email etc) is to use WebAuthn with a hardware key like a Yubikey.

        TOTP is still vulnerable to phishing (a fake login page can ask for both a password and a TOTP code) so business/corporate environments are moving away from them.

        • Allero@lemmy.today
          link
          fedilink
          English
          arrow-up
          1
          ·
          3 months ago

          Sure, hardware keys are superior!

          I’m only talking about best practtices when using TOTPs in particular.

      • dan@upvote.au
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        3 months ago

        The paid features aren’t free if you self-host either. You still need a premium account to use premium features with a self-hosted Bitwarden, unless you modify the code and remove the licensing checks. Licenses are pretty cheap though.

        The major features are free if you use Vaultwarden, which is an alternative server implementation.