Bitwarden has launched a new authenticator app

ForgottenFlux@lemmy.world to Technology@lemmy.world – 506 points – Bitwarden just launched a new authenticator app. Here’s what it means to users. | Bitwarden Blog
bitwarden.com

Bitwarden Authenticator is a standalone app that is available for everyone, even non-Bitwarden customers.

In its current release, Bitwarden Authenticator generates time-based one-time passwords (TOTP) for users who want to add an extra layer of 2FA security to their logins.

There is a comprehensive roadmap planned with additional functionality.

Available for iOS and Android

170

You are viewing a single comment
View all comments

Just like in the password manager, they ignored HOTP. Oh well.

Could you tell me more ?

HOTP is an HMAC-based OTP, whereas TOTP is a time-based OTP. Basically, this is how each works:

  • HOTP - based on a key + a counter, which increments with each code generated
  • TOTP - based on a key + time, so you get a new key every N seconds

TOTP is quite common and honestly is all I use, whereas HOTP may be more common in certain enterprises. Main criticisms:

  • HOTP - longer time window for a key to be valid for the entire time between logins (i.e. potentially easier to brute force)
  • TOTP - less user-friendly due to the time window; also, you just need a clock, you don't need to know the counter value (if someone gets the key, they can generate keys whenever)