Bitwarden

896 readers

4 users here now

Discuss the Paswordmanager Bitwarden.

founded 2 years ago

MODERATORS

[email protected]

E-Mail codes (feddit.org)

submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]

12 comments fedilink hide all child comments

Randomly, some websites seem to have a lot of fun breaking password managers. One inconvenience is sites now often asking for user name and password separately.

Another inconvenience is sites that use six-digit emailed codes instead of passwords. Which is just massively inconvenient because not only do I need to have an email program at the computer I am at, I also need to switch back and forth and copy-paste stuff.

Is there any password manager that works with those? Is there a way to get these codes working with Bitwarden even?

top 12 comments

sorted by: hot top controversial new old

[–] [email protected] 8 points 1 month ago (2 children)

I'm fighting with my bank on the 2fa issue right now. They demand we use sms and turn notifications for the bank on in our phones..like no, I won't grant you this access to my phone. I refuse solicitations in any form

[–] [email protected] 5 points 1 month ago (1 children)

Also SMS is extremely insecure, and relatively easy to spoof/steal.

[–] [email protected] 1 points 1 month ago* (last edited 1 month ago) (1 children)

I have 'passwords' should anyone try to request sim swapping, like you can't port my number without authorization, apparently. But I'm still skeptical. I doubt anything would ever happen but I'd rather be safe then sorry.

[–] [email protected] 1 points 1 month ago* (last edited 1 month ago)

There are more sinister ways to do this then sim swapping.

There is too little control over nodes in modern cell networks.

Check out https://www.uniladtech.com/social-media/youtuber-hacks-phone-expose-flaw-system-168221-20240925

[–] [email protected] 2 points 1 month ago (1 children)

that would be an immediate account closure from me

[–] [email protected] 2 points 1 month ago

There's not really any other options. The other options offer no real in person accountability and I don't like that.

[–] [email protected] 5 points 1 month ago* (last edited 1 month ago) (2 children)

Where this comes from is not about inconveniencing you. It's becase the site you are visiting doesn't want to store your password. It's called zero trust architecture and unfortunately the way it's setup they can't give you a code into your password manager becase it's not like 2fa it's a session specific not time specific. So they have to send you their code when you start the session.

[–] [email protected] 3 points 1 month ago* (last edited 1 month ago) (1 children)

This. It is inconvenient, but it does help with the issue that systems constantly get compromised and credentials stolen.

I wish companies would support more user friendly technology like ubikey or similar instead...

[–] [email protected] 2 points 1 month ago (1 children)

Hahaha dear l*rd. Switching back from Linux to Windows made my Yubikey such a pita. Instead of just tapping it to log in, I now need three clicks and type a four-character PIN that Windows forced upon me.

[–] [email protected] 3 points 1 month ago

It's cause windows wants to take a picture of you to login for .... Reasons

[–] [email protected] 1 points 1 month ago* (last edited 1 month ago) (1 children)

In theory, it's not impossible to have IMAP in a browser add-on. So why is there not some kind add-on to suss out the codes from these mails and make them pasteable..? This could include integration with throwaway mail accounts too, so I wouldn't get this PIN code spam in my main mail account.

[–] [email protected] 2 points 1 month ago* (last edited 1 month ago)

Yeah that's a good idea right now I used a catch all on my domain for those logins so it's already separated out. I don't knowing how I feel about getting my mail account to bitwarden if I didn't do that. The other issue you run into is there no standard for those email messages. So the plugin would need to process the message to find the code.