Tom here from Lawrence Systems, and I am happy to report, here in December of 2021, that many, many websites are now supporting two-factor authentication. This is great until you then think about how you have to deal with all of this two-factor authentication. One of those methodologies, specifically TOTP, is one of my favorite methods, which is time-based authentication. I have a whole video on it; I'll link it down below. But time-based authentication is really popular. It's really simple. It doesn't require any third-party interaction servers. You just have to have a shared secret and agree upon what time it is between you and the server. And time, I think, is pretty well agreed upon, I hope.

But once we've determined that, then where do we put that data? Now, one of my favorite apps to use on my phone for quite a while has been Aegis, and I'll leave a link to that. It's a nice app that runs on Android that does allow you to store all your TOTP authentication. But when you start having many, many things with TOTP, you kind of go, you know, it'd be nice if these were in Bitwarden. And good news, Bitwarden allows you to store it. Now, Bitwarden is very convenient with the way it stores it, because as it puts it in there, it'll also do fun things like copy it to the clipboard whenever you do an autofill for username and password. So for example, when I log into TrueNAS here, it fills in the username and password and copies the TOTP authentication to the clipboard right away, so I can just hit paste and log right in.

Now, when do you and when don't you save things in Bitwarden is a question that's come up quite a bit. And this is kind of a fuzzy area, and it'll come down to how you want to do things. So saving in Bitwarden and having 2FA is better than not having 2FA. We'll start there. So if you have no way of managing these apps separately, well, I at least would say start with using Bitwarden.
When it comes to the way we manage it, let's start with how we manage Bitwarden. First, Bitwarden: there are no known vulnerabilities in it here in December of 2021. They go through regular code reviews and regular audits. So I want to talk about, theoretically, where I think the potential problems could occur. First, we self-host Bitwarden, and I've got reviews talking about that. And the self-hosted Bitwarden is only accessible behind a VPN, so we keep it quite locked down.

But we use the Bitwarden plugin here at my office, and saving things in a plugin that then talks to the server means that it's in the browser, and the browser could be, and obviously is, where so many attacks are occurring, because that's how we interact with the greater internet. That is the part that is exposing us beyond our firewall. Therefore, if by some magical way, or really good hacking (it's not really magic), someone was able to break those boundaries, to somehow reach out of the browser's sandbox and grab something out of one of those plugins, such as Bitwarden, that would obviously be where I could potentially see a threat surface. But it seems really, really unlikely, because there's a really large group of smart people working to keep this very locked down.

But still, just on that small, small risk that that could occur, I make sure that my passwords for things that are, well, IT related, in terms of what we use to manage our customers, we keep that separate in that Aegis app on my phone, and I don't even use Bitwarden on my phone. It's just one more thing that keeps it separate. That way my phone is the place where my TOTP second-factor authentication is stored, and Bitwarden itself, with only a browser plugin loaded, is where my username and password are, in all these different sites that are things for IT documentation or IT management.
And any of these things that I've, you know, talked about on the channel here, because that's what we use to run our business that interacts with our customers. We make sure these remote control applications, because, well, it would be absolutely dangerous to have someone log in there, because they would then gain access to many of our client systems, even domains and things like that, I keep those all separate.

Where do I put things in Bitwarden? Well, first my lab; that one makes it easy. Even though it's a lab environment, just in case, I always set up randomly generated passwords, and having my 2FA in Bitwarden along with them makes things really simple to paste in. Then the next ones, expanding out from there, are going to be all the different forums I belong to. When you sign up for them, I mean, if they have TOTP authentication as an option, I'm signing up for it and saying yes, because I put it right in Bitwarden. Same with some of my personal life, my games and things like that. Yeah, I'm not too worried. I mean, I would be greatly upset if someone were to log into some of my games. But I mean, it's just way more convenient, and I'm not having that clutter up my phone. So my phone has got a little bit shorter of a list. Yes, Aegis supports filtering, so I could filter it each time. But you're just narrowing it down for where I use them and where I don't.

Like I said, overall, I wanted to answer this question and see what the audience thinks as well. So go ahead and leave your comments down below if you think I'm a little bit overly cautious in not wanting to put them all in Bitwarden, or I'm crazy for putting any of them in Bitwarden. I kind of like to see both sides of it. I actually started this discussion on Twitter about how people handle it. And it's one of those things that's going to be a bigger and bigger issue, handling authentication in general, as more and more sites have different methodologies. And some of them use no username and password anymore.
They send everything through what they refer to as, like, magic links to set cookies. It's going to be interesting watching how identity management kind of grows in the future. At least we've come a lot further than we were in the early days of the internet, where we just sent everything over clear text and telnet for management, to, you know, 25 years later in my career, where things are much more encrypted, much more locked down, key-managed with things like SSH, and handling usernames and passwords in a password manager. So we've come a long way on here. I'm excited where we're going to go next. But still, managing all that is a big thought process. I always like to try to always be rethinking through it, keeping an eye on what's important.

And yes, it's not done yet, but I am working on where I use YubiKeys as well, because someone's going to ask about them. I've not done a video yet on YubiKeys; that'll be in the future, but that future may be right now. So if there's a video on YubiKeys, go ahead and check my channel for that. It kind of depends on when you're watching it. But as of publishing today, December 5th, 2021, there is not one.

All right. Thanks, and leave your comments down below to let me know if I'm crazy, or if I should have put a tinfoil hat on before even making this video. Thanks.