Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Bitwarden has TOTP support in paid plan. And it works with browser extension which recognises domains.


It certainly recognizes the domain, but thats more of a convenience feature than a security feature. Nothing is stopping you from putting your example.com code into legit-example.com manually. Sure the extension won't do it automatically, but if the user is convinced to put the password into the fake website, user could also put in the TOTP code




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: