Thoughts About: Bitwarden

I have been using Bitwarden as my password manager for a few years now. Recently, they've made clear that they will be enforcing two-factor authentication (2FA) for unknown devices.

I usually nuke and pave my system some time in January to get rid of all the unnecessary crud I've collected in the past year. I assume this will make my computer an unknown device to Bitwarden.

Normally, I'm all about making things more secure, and 2FA definitely helps with that, but... they asked the following question:

Do You Have Reliable Access to Your E-Mail Account?

The answer would have been "yes", but only in the case that my password manager doesn't lock me out while sending a 2FA code to my e-mail address to verify things.

To complete the picture, I don't use a smartphone. I don't have an alternate device I could use to gain access to my e-mail account or Bitwarden. I'm one of those people who has and uses just one computer and that's it.

So, now what?

Save Login Credentials in a Plain Text File?

The whole idea of using a password manager is that you don't do exactly that.

Should this file ever get exfiltrated, well, there goes every password you've ever used. (Let's be honest, you only add passwords, you never delete any unused ones.)

Though possible, I don't like this option.

Save Login Credentials in an Encrypted Plain Text File?

I just realized it might be fairly easy to encrypt and decrypt a single text file and store it in a safe location. I like this idea a lot better than the previous one.

But I realized this was an option after I tried to:

Use Another Password Manager, Such as KeePassXC?

I never really liked anything called "KeePass", I kept reading it as "KeepAss". (And now you do too if you didn't already. You're welcome.) However, given the current situation, it might be a good idea to look into what it actually can do.

Long story short, I've installed KeePassXC, played with it for a little bit, and I like what I've seen it do. What I didn't expect was that it handles TOTP with ease, and you can add attachments to password entries. Both are premium features in Bitwarden.

Now I have an encrypted spot to store my e-mail login and I could use TOTP to authenticate to Bitwarden in case I need to.

But using KeePassXC to keep your e-mail login secure begs the question:

Why Still Use Bitwarden?

Quite honestly, I don't know. I have a feeling I'll be deleting my Bitwarden account fairly soon. It might just be a matter of backing up my KeePassXC database file properly and pressing [F] to pay respects.

Links:

[HTTPS] Bitwarden
[HTTPS] KeePassXC