this post was submitted on 30 Mar 2024
298 points (79.3% liked)
Technology
59724 readers
3199 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Does it beat Bitwarden though? Bitwardan has supported at least 2 services for me using passkeys ,one of which is google.
I might be misunderstanding this,but it doesn't seem like proton beat anyone to anything.
Edit for info: https://bitwarden.com/passwordless-passkeys/
They're talking about the fact that Bitwarden doesn't support passkeys on mobile
Right,yeah,that's true for mobile indeed.
Sad that these sort of features are paywalled.
Why shouldn’t these features require money?
It’s $10 per YEAR. This is an extremely reasonable price given the importance of the service.
Bitwarden employees need to eat too.
It's not paywalled. It's not yet implemented in mobile bitwarden apps. It probably won't be paywalled once implemented because it's not paywalled in extension where it's already implemented
2FA is a paid feature in Bitwarden. That's the feature we were talking about.
Edit: fuck me for explaining myself
You're getting downvoted because that, in fact, isn't the feature we were talking about.
2FA and passkeys are different
I'd be perfectly okay with them just charging for Bitwarden, period. Instead they pretend it's free but charge premium for all the most effective security features, including 2FA to their own services. Effectively it creates a group of people that use Bitwarden without access to these security features but complacent enough to not seek alternatives that would offer these features at a price acceptable for them (possibly free, like KeepassXC).
Bottom line: security shouldn't be a premium feature. It should be either available or not at all. Never as a premium within the service.
For logging in, Bitwarden supports TOTP, email, and FIDO2 WebAuthn on the free plan. It only adds Yubikey OTP and Duo support at the paid tier, and WebAuthn is superior to both of those methods. This is an improvement that they made fairly recently - back in September 2023.
The other features that the free plan lacks are:
I wasn't aware they added WebAuthn to the free plan recently. That's great to hear, thanks for the correction!
I disagree.
Simply adopting the use of their free service (or any password manager, sans 2FA) is an upgrade in terms of personal security. That's moving in the right direction from memorized (and let's be honest, that means using the same or a small list of similar passwords) passwords everywhere.
The existence of alternatives that include 2FA at no cost works against your point IMO. But that also comes at a cost - Keepass requires that you manage your own sync and backup.
The point of the post was that Proton Pass is beating Bitwarden right now to having passkeys for mobile (Bitwarden has still not released that), and Proton Pass can actually export passkeys which Bitwarden does not do, so they are improving. I would not say though they are better all round than Bitwarden. I pay for both but am still evaluating the rest of Proton Pass vs Bitwarden especially around tweaks in options. But Proton is showing some innovation and momentum, while Bitwarden is slowing a bit. For those already using Proton they will likely find Proton Pass good enough to use right now.