jard

joined 1 year ago
[–] [email protected] 5 points 10 months ago

Yep, for some reason Valve and the incessant Steam fanboys insist that mobile-based Steam Guard is absolutely perfect and anything like U2F just makes things more insecure… somehow.

Fortunately, Bitwarden at least implemented Steam’s own TOTP algorithm. With a very user-unfriendly process you can grab the authenticator key Steam gives you via the third-party Steam Guard desktop client, insert it into Bitwarden, and then it’ll happily generate the right verification codes for you.

[–] [email protected] 6 points 10 months ago* (last edited 10 months ago) (3 children)

I use Bitwarden TOTP because my Bitwarden account is already secured with a Yubikey as a second factor. It’s the best solution I have for services that only provide TOTP and not FIDO U2F (I would use the Yubikey directly otherwise.)

[–] [email protected] 5 points 10 months ago* (last edited 10 months ago)

Same story here. I self hosted my email with a Linode for a year and a half and it fucking sucked. Gmail almost always filters inbound email from what they deem as untrustworthy IP addresses (which is pretty much any mail server other than the big players), and even if you never plan on mailing Gmail addresses your server’s IP will show up on some “critical spam” blacklist somewhere simply because you’re running a mail server, which basically spells doom for mail deliverability.

You also need to diligently harden your mail server because bots indiscriminately try to find loopholes in mail server configs all the time, and once they do they start spamming their poor victims through your server. It’s a fool’s errand that varies wildly based on what distro you installed, which mail/postfix/dovecot/fail2ban/dkim/spf etc. configuration you have, and a lot of the time the information doesn’t actually exist on the Internet so you have to figure it all out yourself.

Ever since I switched to Tutanota + redirection with my domain I’ve never had any of these issues, and I’m never going to look back. It’s unfortunate, but the days of self hosting mail servers are over. It’s simply not worth the struggle and it just becomes an uphill battle in the end.

[–] [email protected] 1 points 11 months ago

Army sergeant engages with a sniper shaolin monk in a brutal battle to the death. Multiple times in a row.