Bitwarden Authenticator is a standalone app that is available for everyone, even non-Bitwarden customers.
In its current release, Bitwarden Authenticator generates time-based one-time passwords (TOTP) for users who want to add an extra layer of 2FA security to their logins.
There is a comprehensive roadmap planned with additional functionality.
Available for iOS and Android
I think a bigger concern is if someone managed to access bitwarden on a logged in instance. Think, leaving your laptop open, or someone steals it from you. If theres two apps for logging then both apps need to be accessible/compromised.
This seems more like a user issue then a security issue. If you are avoiding this feature because you have to idiot proof your security against yourself, your probably going to be compromised at some point anyway.
As for your example, this seems easily avoidable by
- just have the vault timeout be set low (1 minute) and to logout.
- Not leaving your password manager unlocked and unattended (wtf are you thinking lol)
If you are going to write “user issue” in the future, maybe stop and think. You might be calling someone dumb and be defending bad design at the same time.
I think if people read that comment and think they are being called dumb, that’s completely on them and probably a good time to look themselves in the mirror.
Nothing wrong with the design. Its literally just making thing easier at no cost to the user.
