this post was submitted on 28 Jan 2025
278 points (96.6% liked)


Why YSK: Because if you are like most people, you also store your email's password in your Bitwarden Vault and not bother remembering it, causing you to potentially get locked out (since you wouldn't be able to log in to your email to get the verification code, because your email's password is in the vault itself 👀)

(Imagine leaving your key in your house, lol)

Source: https://bitwarden.com/help/new-device-verification/

Excerpt:

To keep your account safe and secure, in February 2025, Bitwarden will require additional verification for users who do not use two-step login. After entering your Bitwarden master password, you will be prompted to enter a one-time verification code sent to your account email to complete the login process when logging in from a device you have not logged in to previously. For example, if you are logging in to a mobile app or a browser extension that you have used before, you will not receive this prompt.

Good thing I noticed, otherwise I might've had a bad time next month 😖

Edit: Updated title to clarify that people who have 2FA are not affected.

[–] [email protected] 95 points 3 weeks ago (9 children)

On the other hand, NOT using MFA on an online password manager is just poor opsec.

[–] [email protected] 14 points 3 weeks ago* (last edited 3 weeks ago) (8 children)

I understand that perspective, but honestly, for me, the threat of misplacing 2fa is higher than getting hacked.

[–] darkstar 0 points 1 week ago (1 children)

Sorry dude, if keeping your 2fa codes safe is too much to ask then you really shouldn't be on the internet.

Using a password manager without 2fa is a recipe for disaster, you might as well just use the same password for all your accounts at that point, then you don't need the inconvenience of a password manager

[–] [email protected] 1 points 1 week ago (1 children)

So, how do you propose I safeguard the 2FA?

Hardware based ones can easily get damaged, or when there's a fire, completely destroy it. I am not rich enough to have a second home. And I can't afford any "safe deposit boxes". I don't have any trusted friends to keep a backup 2FA key at.

Software based ones are same, if you print out the info. And if you store it online, you're gonna need to encrypt it. And that is gonna be another password.

So all that trouble and it's still 1FA (two different passwords is still 1FA).

So, if you want to be helpful, how do I manage 2FA keys without getting myself locked out?

[–] darkstar 1 points 1 week ago
  1. Use a 2FA app that allows you to export encrypted backup (I use Aegis)
  2. Make an encrypted backup of your 2FA keys and store that using the 321 rule.
  3. The 321 rule is 3 copies, 2 different types of media, and 1 copy offsite.

If your 2FA backup is encrypted, you can even store it in Google Drive or wherever, ask a family member to keep a copy, it doesn't matter if the password is strong.

If you're extra scared of losing your keys then you can use something like Authy as a last resort, they make it super easy.

I work in cyber forensics and incident response, 2FA and strong passwords can prevent 99% of the shit I see.
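
An added example, not part of the comment above or of any tool named in the thread: a check that the copies of an encrypted 2FA export still satisfy the 3-2-1 rule, counting a copy only if its SHA-256 matches the digest recorded when the export was made. The `BackupCopy` fields, media labels, and file names are assumptions, and the sample data is constructed.

```python
from __future__ import annotations
import hashlib
import tempfile
from dataclasses import dataclass
from pathlib import Path


@dataclass(frozen=True)
class BackupCopy:
    path: Path     # location of one copy of the encrypted export
    media: str     # free-form label, e.g. "usb", "cloud", "laptop-ssd"
    offsite: bool  # True if stored away from where the other copies live


def audit_321(expected_sha256: str, copies: list[BackupCopy]) -> list[str]:
    """Return the list of problems; an empty list means 3-2-1 is satisfied."""
    problems, intact = [], []
    for c in copies:
        if not c.path.is_file():
            problems.append(f"missing: {c.path.name}")
        elif hashlib.sha256(c.path.read_bytes()).hexdigest() != expected_sha256:
            problems.append(f"corrupt or stale: {c.path.name}")
        else:
            intact.append(c)
    # Only intact copies count toward the rule
    if len(intact) < 3:
        problems.append(f"only {len(intact)} intact copies, need 3")
    if len({c.media for c in intact}) < 2:
        problems.append("intact copies are all on one type of media, need 2")
    if not any(c.offsite for c in intact):
        problems.append("no intact copy is offsite")
    return problems


def demo() -> tuple[list[str], list[str]]:
    """Constructed data: a placeholder blob stands in for the encrypted export."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        blob = b"constructed stand-in for an encrypted 2FA export"
        digest = hashlib.sha256(blob).hexdigest()
        copies = [BackupCopy(root / "laptop.bin", "laptop-ssd", False),
                  BackupCopy(root / "usb.bin", "usb", False),
                  BackupCopy(root / "cloud.bin", "cloud", True)]
        for c in copies:
            c.path.write_bytes(blob)
        healthy = audit_321(digest, copies)
        # Simulate the offsite copy being truncated during upload
        copies[2].path.write_bytes(blob[:10])
        degraded = audit_321(digest, copies)
    return healthy, degraded
```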
