Vivaldi with built-in 2FA authenticator?
-
I just read that Safari has a built-in authenticator, wouldn't this be a good idea for Vivaldi also? And then you could perhaps even use Vivaldi Sync to make back ups of the secret codes.
https://www.zdnet.com/article/how-to-use-safaris-built-in-2fa-code-generator-and-why-you-should/
-
@RasheedHolland Is this the same as passkeys on chrome? https://forum.vivaldi.net/topic/87702/add-passkey-support-for-vivaldi-accounts
-
@RasheedHolland I think this 2FA of Safari is a Apple external web service and a Apple app enhancement.
-
@LonM said in Vivaldi with built-in 2FA authenticator?:
@RasheedHolland Is this the same as passkeys on chrome? https://forum.vivaldi.net/topic/87702/add-passkey-support-for-vivaldi-accounts
No it's not. And to clarify, I'm talking about support for ALL websites that support 2FA. But the reason why I would like to see a built-in authenticator is because I hate having to use my smartphone. You do have desktop apps like WinAuth and Protecc, which are cool, see first two links.
But why not make it even easier by implementing one in Vivaldi itself. It could work like the web2FA - Browser Authenticator extension, see third link. The problem with extensions is that trust and of course reliability play a huge role, so that's why I would like to see it in Vivaldi itself.
https://winauth.github.io/winauth/index.html
https://github.com/FireCubeStudios/Protecc
https://chromewebstore.google.com/detail/web2fa-browser-authentica/gmegpkknicehidppoebnmbhndjigpica -
@DoctorG said in Vivaldi with built-in 2FA authenticator?:
@RasheedHolland I think this 2FA of Safari is a Apple external web service and a Apple app enhancement.
OK then I misunderstood. I thought it was sort of like a standalone extension. But to me the most important part is that I can use it without my smartphone. So for example an extension like 2FAS would be useless to me. The extension shouldn't be tied to the smartphone app.
-
@DoctorG said in Vivaldi with built-in 2FA authenticator?:
@RasheedHolland I think this 2FA of Safari is a Apple external web service and a Apple app enhancement.
Actually, I have just read the article again and it's not tied to the iPhone app, if I understood correctly. It's similar to how password managers nowadays can also generate 2FA codes, like 1Password for example. The difference is that the desktop app from these password managers should always be running in memory. If it was built into Vivaldi, you obviously don't have to be running a third party app for generating 2FA codes.
-
TOTP? No plans yet to builtin in Vivaldi program.
-
@RasheedHolland
It means putting all your eggs in one basket... and with recovery codes also? Yes? So we can be sure to have everything in one place. I strongly disagree.
Ideally, 2FA codes should even be generated on a separate device (e.g., an old J2me-enabled cell phone will do).
Keeping all secrets in one program is a sure way to lose them. -
@far4 said in Vivaldi with built-in 2FA authenticator?:
@RasheedHolland
It means putting all your eggs in one basket... and with recovery codes also? Yes? So we can be sure to have everything in one place. I strongly disagree. Ideally, 2FA codes should even be generated on a separate device (e.g., an old J2me-enabled cell phone will do). Keeping all secrets in one program is a sure way to lose them.Yes, but that's why it's optional. So people who prefer to use a 2FA app on smartphone or desktop can still do so. For people who believe that their system is protected pretty well, this built-in 2FA option would be nice. And I bet it would also stimulate more people to use 2FA in the first place, because right now it's often a hassle. And besides, on a smartphone everything is also in one basket if you think about it.
-
Well yeah like I told the other guy they don't integrate with Google at all. So unless they use like authy or something or invent their own it will never happen
-
@mikeyb2001 said in Vivaldi with built-in 2FA authenticator?:
Well yeah like I told the other guy they don't integrate with Google at all. So unless they use like authy or something or invent their own it will never happen.
Not sure what you mean with this? Normally speaking, websites support TOTP, which is supported by Google and Microsoft Authenticator and Authy of course. In other words, Vivaldi's built-in 2FA authenticator would work the same as these apps.
-
@RasheedHolland
It's called "don't tempt your neighbor with easy solutions." Almost a bible.
How many people do you think would be tempted by this opportunity if it were done? More than half... or more than 75%... or more? I'm kidding, but there's a smart grain in every joke.A separate program on smart is at least some protection. It can be passworded to run, access to information can be separately passworded - as in the case of keepassdx.
-
@far4 said in Vivaldi with built-in 2FA authenticator?:
@RasheedHolland
A separate program on smart is at least some protection. It can be passworded to run, access to information can be separately passworded - as in the case of keepassdx.What I noticed is that on smartphones security is very weak, many apps often don't even ask for 2FA codes after first usage! On a PC, websites most of the time ask for the 2FA code each and every time, like it's supposed to do. Unless you stay logged in of course.
But I don't see how built-in 2FA is way less secure then using some other desktop 2FA app. Because in case you have an infostealer on your system, you're probably toast. Unless the browser profile is protected from access against untrusted apps. And 2FA secret codes should always be encrypted on disk and if possible in memory.
-
@RasheedHolland
As far as I understand, the principle of 2-step in user identification is important also because it should not work automatically. That is, the person entering the site should start the 2fa-generator himself, then select the desired item, then memorize the displayed number and manually enter it into the field on the site. Yes, many people like to copy, but the basic point remains: run, select, click copy/paste. If you implement 2fa in a browser it is tempting to completely automate the whole process. That's if you don't use paranoid mode with constant authorization confirmation.Next, you suggest encrypting 2fa secret-codes. At what point would we enter a password? Or even different passwords - for different sites, just to get 6 or 8 digits? At each access to 2fa? Or will we do with system-wide security, whoever is logged in has full access to the user profile encrypted by means of the file system? Do you realize how complicated it gets? It's much easier for developers not to deal with this whole topic, shifting it on the shoulders of other specialists. That's why the browser stores only passwords. It's too much responsibility and hassle to store everything.
ps At the same time, many people think that you don't need to store passwords in your browser either. It is better to use special managers - it is safer.
-
@far4 said in Vivaldi with built-in 2FA authenticator?:
@RasheedHolland
Do you realize how complicated it gets? It's much easier for developers not to deal with this whole topic, shifting it on the shoulders of other specialists. That's why the browser stores only passwords. It's too much responsibility and hassle to store everything.It isn't complicated at all. Like I said, it wouldn't work any different than the WinAuth and Protecc 2FA desktop apps, or like 1Password. As soon as you open the browser, it should ask you for a password to get access to the secret codes from all websites.
And whether it's less secure or not than other options is another discussion. Of course using a second device like smartphone or hardware security key is safer, but sometimes also less convenient, there is always a trade off between the two. But this built-in 2FA option (like in Safari on macOS) would be nice for people who know how to secure their PC's.
For example, I'm the only user of my desktop and laptop and use them only at home, so I'm not that worried about physical theft. I have also protected my PC with all kinds of extra security tools (behavior blockers) meant to protect the system in case an AV like Windows Defender fails to protect against malware.
-
Seems to me the 'ambassadors' here don't really understand what two-factor authentication support in a password manager (which Vivaldi de facto has) means. This article should make it easier to grasp: https://www.guidingtech.com/use-icloud-keychain-two-factor-authentication/. If the iCloud Passwords app for Windows, together with its Chrome extension (which actually works in Vivaldi), can have it, I suppose Vivaldi's built-in password manager can have it, too. Currently, I am using the aforementioned iCloud Passwords, for exactly this reason - that it supports 2FA. On iPhone, it makes even less sense to use Vivaldi's built-in password manager, since for some websites which use 2FA for login I would still need to be using a password manager that supports it. So, basically, the absence of 2FA support in Vivaldi makes its password manager a neat, but kinda useless feature.
-
@karolleon said in Vivaldi with built-in 2FA authenticator?:
two-factor authentication support in a password manager
The password manager is a Chromium core feature and when Chromium gets 2FA secured password manager then Vivaldi will inhertits it.
That's the fact. -
@DoctorG I see. Then, if there is no other way of introducing this feature, I guess it was me who did not understand.
-
@karolleon said in Vivaldi with built-in 2FA authenticator?:
I am using the aforementioned iCloud Passwords, for exactly this reason - that it supports 2FA. On iPhone, it makes even less sense to use Vivaldi's built-in password manager, since for some websites which use 2FA for login I would still need to be using a password manager that supports it. So, basically, the absence of 2FA support in Vivaldi makes its password manager a neat, but kinda useless feature.
I didn't know about the iCloud Passwords extension, I suppose it allows you to automatically fill in the 2FA codes? But I get what you're saying, for you as an Apple user it would be nice to have this feature too in Vivaldi.
https://chromewebstore.google.com/detail/icloud-passwords/pejdijmoenmkgeppbflobdenhhabjlaj
-
@DoctorG said in Vivaldi with built-in 2FA authenticator?:
The password manager is a Chromium core feature and when Chromium gets 2FA secured password manager then Vivaldi will inhertits it. That's the fact.
@karolleon said in Vivaldi with built-in 2FA authenticator?:
@DoctorG I see. Then, if there is no other way of introducing this feature, I guess it was me who did not understand.
No you didn't misunderstand.
Vivaldi could either build a 2FA authenticator as a standalone feature, which works separately from Chromium's built-in password manager. Or they could build a completely new password manager with better encryption and 2FA support.
Popular password managers (Bitwarden, 1Password, RoboForm) all offer 2FA authenticators (not for free), but the problem is that those apps need to be running in memory all of the time, which costs RAM usage. And overall I didn't really like how they integrate with the browser, so that's why I still use Vivaldi's built-in password manager.
