this post was submitted on 29 Nov 2024
36 points (92.9% liked)

Ask Lemmy

27281 readers
2251 users here now

A Fediverse community for open-ended, thought provoking questions


Rules: (interactive)


1) Be nice and; have funDoxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them


2) All posts must end with a '?'This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?


3) No spamPlease do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.


4) NSFW is okay, within reasonJust remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com. NSFW comments should be restricted to posts tagged [NSFW].


5) This is not a support community.
It is not a place for 'how do I?', type questions. If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.


6) No US Politics.
Please don't post about current US Politics. If you need to do this, try !politicaldiscussion@lemmy.world or !askusa@discuss.online


Reminder: The terms of service apply here too.

Partnered Communities:

Tech Support

No Stupid Questions

You Should Know

Reddit

Jokes

Ask Ouija


Logo design credit goes to: tubbadu


founded 2 years ago
MODERATORS
 

It's time for me to move from SMS to a 2FA Authenticator app. I want something that will be open source but also ridiculously easy to back up, transfer to a new device, or replace if it is on a device that fails. I want it to be versatile enough to use across all necessary authentications. I also want to be sure that I can use the same app for many many years. I don't want it tied into another service.

What's my best option?

top 27 comments
sorted by: hot top controversial new old
[–] ptz@dubvee.org 26 points 4 weeks ago

I'm pretty happy with Aegis. AFAIK, it doesn't work with any of the "push" style methods (Duo, MS Auth, etc), but I don't care for those anyway. Easy to backup/restore, the backups are encrypted, you can lock the app behind a password/PIN and/or biometric lock, and it's open source.

[–] iii@mander.xyz 21 points 4 weeks ago* (last edited 4 weeks ago)

I use Aegis. Backs up to a password encrypted file.

File follows same as all the rest backup procedures.

[–] ShittyBeatlesFCPres@lemmy.world 12 points 4 weeks ago* (last edited 4 weeks ago)

I use Bitwarden as a password manager and 2FA manager. I like that Bitwarden automatically copies the 2FA number after filling a password — if you want it to — so I just hit paste and it’s all quick and easy. It’s a lot of trust to put in one product/company, obviously, but I use biometric, FIDO, or ssh keys for critical stuff (at least where I have the option).

I also use Authy, in part because I used it for years before switching to Bitwarden. I liked Authy a lot but it was just less convenient than using Bitwarden. Also, a few sites — Twilio (Authy’s parent company) ones, specifically — seem to require Authy.

Passwordless is coming along but pretty slowly. So, definitely setup 2FA. Tech companies can’t seem to wait to switch to passwordless. Other types of businesses are super conservative about logins and probably won’t adopt it for a few more years.

[–] subspaceinterferents@lemmy.world 11 points 4 weeks ago (3 children)

Have a look at 2FAS. Open source. Works for me. 2fas.com

[–] thesohoriots@lemmy.world 3 points 4 weeks ago

Second 2FAS, at least on iOS devices. I switched from Authy after Twilio got motherfucked the first time.

[–] ILikeRamen@lemmy.world 1 points 4 weeks ago

+1. Works well on Android as well. You can set up your Google Drive to store an encrypted backup of your private keys using a password you set. It also supports importing from other authenticator apps

[–] bananymous@lemmy.ml 1 points 4 weeks ago

Interesting option. Need to figure out if backups can be done without allowing access to iCloud.

[–] nichtburningturtle@feddit.org 5 points 4 weeks ago

I use freeotp++ on mobile and bitwarden for sites, where I have to log in >1 times per day.

[–] Feathercrown@lemmy.world 5 points 4 weeks ago (1 children)

App: None

Pros: No 2FA

Cons: No 2FA

I am but a simple man

[–] rob_t_firefly@lemmy.world 5 points 4 weeks ago

The one pro to Google Authenticator is that its icon looks like a little clenched sphincter, so when prompted for a 2FA code I can say some variation of "well, time to pull a code from the asshole..."

[–] shortwavesurfer@lemmy.zip 5 points 4 weeks ago (1 children)

Keepassxc on pc and keepassdx on android

[–] vaionko@sopuli.xyz 1 points 4 weeks ago

This but keepass2android because it can sync the file from Nextcloud natively

[–] derpgon@programming.dev 4 points 4 weeks ago (1 children)

Vaultwarden, and open-source upstream bitwarden client-compatible backend. Stores passwords, 2FA, and any secure texts.

[–] fartsparkles@sh.itjust.works 2 points 4 weeks ago

It’s written by a Bitwarden dev too.

[–] Rentlar@lemmy.ca 3 points 4 weeks ago (1 children)

AndOTP is what I use... you can produce encrypted or unecrypted backups, and even if not ideal for sensitive/secure information, you can transfer unencrypted JSON easily to virtually any other app on PC or otherwise.

[–] DacoTaco@lemmy.world 2 points 4 weeks ago (1 children)

I used to use andotp, but moved to aegis when i got a new phone because andotp is no longer maintained since 2022 and it had issues on my new phone. Was a great app though!

[–] Rentlar@lemmy.ca 3 points 4 weeks ago

Yeah it is great. It is too bad that it's not maintained anymore, but besides compatibility issues with new phones like you mention, I really have no reason to pick a new app if the one I was using for years still works.

[–] PetteriPano@lemmy.world 2 points 4 weeks ago

I use ente auth.

It's open source, keeps your keys encrypted in the cloud and lets you use it on all devices. Convenient to have it on my desktop and backup phone.

Yes, it's not best practice. I feel the risk is greatest that some password hashes leak. I want to guard myself from getting locked out.

[–] ____@infosec.pub 1 points 4 weeks ago

Make sure that it can be backed up, somehow.

Save your recovery codes in an organized and secure fashion.

Offhand, Ente does backup I believe.

Bitwarden does export (save on encrypted drive, or print and put in safe deposit box)

[–] sem@lemmy.blahaj.zone 1 points 4 weeks ago

I enjoy proton pass. It automatically fills in OTP codes with one click and syncs across devices. I also pay for the unlimited email aliases it does and am very happy with that service.

I use a separate OTP with a different app to log into proton pass. Eventually I should make this a yubikey or something.

[–] flying_gel@lemmy.world 1 points 4 weeks ago

I'm using pass, the Unix standard password manager. While the original application is just a. shell script, gpg and git, it seems to have evolved more into a standard structure of encrypted files that any applications can use.

On UNIX I use gopass, on my phone I use Password store together with open keychain.

Benefits: completely self hosted, well known and robust technology, easy for developers to make applications or even just read the files youself

Cons: Need to setup and maintain gpg keys. Applications I've used so far seem geared to more technical people. Setting up a new device requires copying gpg keys or generating new ones and add the public key to your vault. Last I checked, no viable IOS client.

Depending on your view this can be either pro or con, but you can store your 2fa and password in the same repo, all protected by your gpg keys.

[–] solrize@lemmy.world 1 points 4 weeks ago

You don't want it to be ridiculously easy to back up, since that is an attack route. Anyway I'm happy with FreeOTP which is on f-droid.

[–] blackstrat@lemmy.fwgx.uk -1 points 4 weeks ago (1 children)

I consider Authenticator Pro to be basically perfect

https://github.com/stratumauth/app

[–] bl4kers@lemmy.ml 1 points 4 weeks ago

Not sure what "Authenticator Pro" is but your link goes to "Stratum - Authenticator App" fyi