jonathanvmv8fSep 11, 2023

Why do password managers charge for TOTP code generation?

https://lemm.ee/post/7541357

Why do password managers charge for TOTP code generation? - lemm.ee

Is this some sort of a convenience feature hidden behind a paywall to justify purchasing their subscriptions or does generating the codes actually cost money? If the latter is the case, how do applications like Aegis do it free of cost?

Show threadddnomadSep 11, 2023
Please don’t use your password manager for TOTP tokens. It is called two factor authentication for a reason.
Show threadjardSep 11, 2023
I use Bitwarden TOTP because my Bitwarden account is already secured with a Yubikey as a second factor. It’s the best solution I have for services that only provide TOTP and not FIDO (I would use the Yubikey directly otherwise.)
Show threadumami_wasabi
Except Steam and banks that are stubborn and insist to use a custom implementation rather a standard one.
Sep 11, 2023 at 8:33pmWeb
Show threadVonRepostiSep 11, 2023
The Danish ID solution actually offers the possibility to use FIDO U2F. Unfortunately the requirements were to provide the option and not how to provide it, so you have to purchase their “special” key since you can’t use your own Yubikey even though it’s the same hardware…
Show threadjardSep 11, 2023

Yep, for some reason Valve and the incessant Steam fanboys insist that mobile-based Steam Guard is absolutely perfect and anything like U2F just makes things more insecure… somehow.

Fortunately, Bitwarden at least implemented Steam’s own TOTP algorithm. With a very user unfriendly process you can grab the authenticator key Steam gives you via the third party Steam Guard desktop client, insert it into Bitwarden, and then it’ll happily generates the right verification codes for you.