DSM7 2-step login screen & Bitwarden

Currently reading
DSM7 2-step login screen & Bitwarden

484
98
NAS
DS220+, DS918+, RS1219+
Operating system
  1. Windows
Mobile operating system
  1. Android
I believe this has been discussed before, but I can't find any posts about it when I search. probably I'm not using the correct keywords but anyways:

After upgrading to DSM 7, my log in screen is now 2 steps: The 1st screen I enter the user ID and then it rolls to a 2nd screen where I enter the password. I'm not talking 2-factor authentication, I'm talking about having 2 separate screens to enter in the ID and password. The issue is that I need to go to bitwarden twice now: once to enter an ID and once to enter a password. It isn't really overly strenuous at all, it is just annoying. I'd really like to go back to the previous login that allowed me to enter both ID & password on the same screen. Is this possible?
 
Is this possible?
Not on DSM7

Personally, I don't see any problem with multiple requests considering that BW supports keyboard shortcuts. CMD(Crtl)+Shift+L will populate the correct values so you don't have to use the BW extension icon or your mouse.
 
Personally I agree with OP. I was also annoyed by this unnecessary extra effort to log in. Technology should make things simpler, not more difficult. Where before I had three clicks I now have to make five. How is that helpful?
 
I don't want to jump in and pull this off-topic, only I'm using 1Password and it can populate DSM 7's password field automatically after clicking the username screen's '->' button. It also copies the 2FA PIN to the copy/paste buffer ready for use. Then clears this from the buffer a short while afterwards. I'm not aware that AgileBits made a change specifically for Synology, but I'm not a diligent reader of release notes.

So what I'm saying is: this is possible and BW should be able to update their apps/extensions. Would be worth raising to BW.
 
It also copies the 2FA PIN to the copy/paste buffer ready for use. Then clears this from the buffer a short while afterwards
I just noticed 1P also automatically fills in the 2FA PIN field too.

So it's all definitely possible for other password managers.
 
I may be wrong but Bitwarden/Vaultwarden is filling in the second screen just fine for me. As long as I use it to fill out the username screen when I advance to the password screen it fills in the password and I am on my way. I don't have anything unusual in my login or Vaultwarden config to do this other than my two accounts in Valtwarden my personal for the Synolgoy and a separate account when I want to admin the Synolgoy. The only setting I changed a long time ago was:

1630407961954.png
 
I may be wrong but Bitwarden/Vaultwarden is filling in the second screen just fine for me. As long as I use it to fill out the username screen when I advance to the password screen it fills in the password and I am on my way. I don't have anything unusual in my login or Vaultwarden config to do this other than my two accounts in Valtwarden my personal for the Synolgoy and a separate account when I want to admin the Synolgoy. The only setting I changed a long time ago was:

View attachment 4397
I can confirm this option will autofill pass and 2fa with BW and DSM7. I personally do not use it for added security, but it does work.

tnx @RonV42
 
I may be wrong but Bitwarden/Vaultwarden is filling in the second screen just fine for me. As long as I use it to fill out the username screen when I advance to the password screen it fills in the password and I am on my way. I don't have anything unusual in my login or Vaultwarden config to do this other than my two accounts in Valtwarden my personal for the Synolgoy and a separate account when I want to admin the Synolgoy. The only setting I changed a long time ago was:

View attachment 4397
This works for me too once I checked the box. It would work before on other accounts (non-syno) that had multi-step logins like this, I don't know why it wouldn't work for the DSM login. Thanks.
-- post merged: --

I can confirm this option will autofill pass and 2fa with BW and DSM7. I personally do not use it for added security, but it does work.

tnx @RonV42
I'm curious about filling out the 2FA info automagically. Currently I open authy on my phone and manually enter the code from there. Are you saying there's an option in BW to link BW to authy somehow and have it automatically load the code? Isn't that a bit of a security concern if someone did manage to somehow get into your BW account but not your 2FA account?
 
Are you saying there's an option in BW to link BW to authy somehow and have it automatically load the code?
BW support 2FA just like Authy. So for some accounts and services I use BW 2FA and for some I have them in a separate tool. But, yes, BW can handle 2fa on its end.
 
BW support 2FA just like Authy. So for some accounts and services I use BW 2FA and for some I have them in a separate tool. But, yes, BW can handle 2fa on its end.
ah. So it isn't linking to authy but rather generating its own 2fa code? If so, doesn't that kind of defeat some of the purpose of having 2FA?
 
You can do both. I have 2fa codes in Vaultwarden, along with those same codes installed on my OTP app. Redundancy is a good thing.
but isn't the whole point of 2FA to make it so someone who's hacked into your computer has another hoop to jump through (2fa app on your phone) before they can access your accounts? By enabling 2FA with BW, aren't you also basically removing that extra layer of security? I realize this is a discussion of how paranoid you want to be, but I just want to make sure I'm understanding how using BW 2FA affects things.
 
By enabling 2FA with BW, aren't you also basically removing that extra layer of security?
As opposed to entrusting a 3rd-party like Authy? Why do you think they are secure from hacking? And have you read their privacy terms? They are seriously harvesting your data.

It's all about risk management.

OK... back to on topic 🙃
 
As opposed to entrusting a 3rd-party like Authy? Why do you think they are secure from hacking? And have you read their privacy terms? They are seriously harvesting your data.

It's all about risk management.

OK... back to on topic 🙃
Lol. This did veer off course.

I'm not saying they're immune, just that it's another level of hacking necessary. I realize it's a topic for another thread and I don't mean to be critical of anyone, I'm just not understanding the purpose of using your password vault as your 2fa source. To me it seems to be canceling out the whole point of 2fa, but I'm also not very well versed in all this so that's why I was asking.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top