this post was submitted on 30 Mar 2024
299 points (79.6% liked)
Technology
59669 readers
3064 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I'd be perfectly okay with them just charging for Bitwarden, period. Instead they pretend it's free but charge premium for all the most effective security features, including 2FA to their own services. Effectively it creates a group of people that use Bitwarden without access to these security features but complacent enough to not seek alternatives that would offer these features at a price acceptable for them (possibly free, like KeepassXC).
Bottom line: security shouldn't be a premium feature. It should be either available or not at all. Never as a premium within the service.
For logging in, Bitwarden supports TOTP, email, and FIDO2 WebAuthn on the free plan. It only adds Yubikey OTP and Duo support at the paid tier, and WebAuthn is superior to both of those methods. This is an improvement that they made fairly recently - back in September 2023.
The other features that the free plan lacks are:
I wasn't aware they added WebAuthn to the free plan recently. That's great to hear, thanks for the correction!
I disagree.
Simply adopting the use of their free service (or any password manager, sans 2FA) is an upgrade in terms of personal security. That's moving in the right direction from memorized (and let's be honest, that means using the same or a small list of similar passwords) passwords everywhere.
The existence of alternatives that include 2FA at no cost works against your point IMO. But that also comes at a cost - Keepass requires that you manage your own sync and backup.