• Prison Mike@links.hackliberty.org
      27 upvotes · 5 months ago

      It doesn’t help that most password managers kind of suck, you have to do a lot of manual work as a user sometimes.

      I wish websites would start supporting WebAuthn/FIDO2 sometime soon. I’m sick of SMS-based 2FA becoming more popular lately (like 10 years late).

      • Fubarberry@sopuli.xyz
        15 upvotes · 5 months ago

        Yeah, the bank that manages my mortgage has mandatory text message 2FA if you’re on a new computer. And something about Firefox keeps it from remembering my machine, so I have to do the text message 2FA every time.

        Right now it’s working fine, but they had a period of a few months where the text messages would take 10-15 min to send after you tried to log in, and the login attempt would expire after 5 min, making it impossible to log in. All of which could be avoided if they would let me use a 2FA app.

        • Vilian@lemmy.ca
          8 upvotes · 5 months ago

          Cookies. Firefox has protection against trackers; go to your bank site, click on the shield at the top left and disable it.

        • Prison Mike@links.hackliberty.org
          4 upvotes · 5 months ago

          I’ve configured 2FA with my bank using verification codes (can’t think of the proper name, it’s that Authy-/Google-style 2FA c. 2010) but then it never utilizes it: it pretends that’s not set up and requests the SMS code. 🫠

          • dbx12
            3 upvotes · 5 months ago

            The thing you are thinking about is called TOTP, or timed one-time password.

          • Elvith Ma'for@feddit.org
            12 upvotes, 1 downvote · 5 months ago

            …it’s just a password to access a list of passwords.

            Unless you never thought of, implemented, regularly did and regularly tested your backup of the database. Or… try to use it on more than one device - maybe even at the same time.

            That’s the main problem with KeePass. It’s nice to have it offline, fully under your control and out of the cloud, but that comes with some responsibilities on your end. And now think of how the average user solves this. If you’re tech savvy enough, KeePass is great!

            • WalrusDragonOnABike [they/them]@lemmy.today
              3 upvotes, 1 downvote · 5 months ago

              You technically only need it on one device if you don’t want to be able to copy/paste or use the autotype feature. Which works fine until you lose or break that one device or upgrade to a new one and forgot you needed to transfer your passwords or delete your database because you didn’t remember what it was and wanted to free up space.

              And Bitwarden has scary things like “self-hosting”.

            • cmnybo@discuss.tchncs.de
              2 upvotes, 1 downvote · 5 months ago

              It works fine with Syncthing so long as you only ever have the database open on one device at a time.

            • eatham 🇭🇲@aussie.zone
              1 upvote, 1 downvote · 5 months ago

              Set up Syncthing between the computers. If the person is not tech savvy enough, they can always force the tech savvy enough person they know to set it up for them. There are no problems with the tech, people just don’t know it exists. Even if you don’t or can’t use Syncthing (iOS users), you can just be stupid and put it in the cloud.

    • invertedspear@lemm.ee
      6 upvotes · 5 months ago

      I work with programmers and devops people who think Bitwarden is too complicated. I get it when it comes to the product team and BAs, but even then.