undefined | Better HN

0 pointsdwild3y ago0 comments

> This however is not an easy problem to manage and could only be an extra bonus feature to their service.

Extra bonus feature? For me it's pretty obvious it's a necessity. Failover need to be in ALL case offline access.

> My point was that while their software is extremely convenient, it should not be the only place that stores all the means of accessing a service

I can't have an automatic backup done over each new password stored on it. If I need to do it manually each time, it's no longer really a password manager.

0 comments

thanzex3y ago

> Extra bonus feature? For me it's pretty obvious it's a necessity. Failover need to be in ALL case offline access.

It sounds simple if put that way, but there's a myriad of things that can go wrong, again, we don't know exactly what was the problem on their end, but I guess it had to do with authentication/authorization/security. It could be difficult to differentiate between a distruption of the service or abuse.

> I can't have an automatic backup done over each new password stored on it. If I need to do it manually each time, it's no longer really a password manager.

I disagree, a password manager is mostly for convenience and added security, although that could be a possibility I'm not talking about storing all the passwords somewhere else ( and thus updating the list every time ). I'm referring to the TOTPs and Recovery codes.

> it should not be the only place that stores all the means of accessing a service

If I were to lose access to Bitwarden right now, sure, I would not be able to use randomly generated passwords stored there, but my 2FA codes would still be with me, same with recovery codes, so that in the event in which I really NEED to access an account I can still do it, with increased friction of course, but I'm not locked out.