Does anyone know why there are no dedicated Authenticator apps made by for example Proton or Bitwarden?

I’m aware that they have TOTP baked into their password managers but you still need to have at least one separate solution to log into your vault.

    • voracitude@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      9 months ago

      Because if - if - your master password database gets breached, having your TOTPs in a separate vault is the difference between

      Shit, they got into my stuff which doesn’t support TOTP

      and

      Shit, they got into everything

      • GravitySpoiled@lemmy.ml
        link
        fedilink
        English
        arrow-up
        0
        arrow-down
        1
        ·
        edit-2
        9 months ago

        No. If anyone has access to your email or master password, they can simply reset any other account. How would your difficult (one time used) password of protonmail be leaked? Proton doesn’t have it. Only if you’ve got powerful malware on your device and then it doesn’t matter in which app your shit is stored.

        • voracitude@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          9 months ago

          What? No. That depends on the site in question. If you have 2FA, the site should not let you reset your password without that 2FA - it’s one of the major points of even having 2FA. If a website lets you reset your password without the multifactor auth you set up, they’re doing it wrong.

          Edit: to be clear, we’re talking about having your multifactor auth in the same vault as you keep your passwords. That’s fine to do as long as your vault doesn’t get breached. If you do get breached, having your TOTP secrets in a different vault will help keep at least some of your accounts safe.