What authenticator app do you use? How do you backup? Any open source self hosted options?
pvr ( @pvr@beehaw.org ) English21•1 year agoI use Bitwarden (I know opinions are split when it comes to passwords and 2FA being in separate apps). But I like the convenience of it all being in one platform.
I also like Raivo, you can import/export them too.
Freeman ( @freeman@lemmy.pub ) English4•1 year agoI use bitwarden and only put totp codes in it for “low risk” uses. Like say…a Reddit account.
Thinks like email accounts or ones associated to bank etc I keep in google Authenticator (not synced to the cloud)
I also keep a spare phone with the google auth totp codes loaded in case I lose my phone.
At the service level I also keep backup codes or use a yubikey when possible. So even MFA at the account level often has options, even if it’s “my phone is across the room and I’m too lazy, backup code time”
sabre3999 ( @sabre3999@kbin.social ) 3•1 year agoYou can set Bitwarden to require your master password for higher security logins. I keep a separate vault for work and personal things… Everything in my work vault requires it’s master password to use them. The OTPs are useless without credentials, and you need the master password to get at those even when the vault is unlocked. YMMV but to me, this was “good enough” to ensure a separation of concerns between low and high risk.
kalipike ( @kalipike@lemmy.one ) English1•1 year agoI also use Bitwarden both for passwords and TOTP. I secure it with password + Yubikey. Works well enough it seems! If I ever have any concerns I’ll move TOTP to Aegis in a heartbeat though.
dill ( @dill@lemmy.one ) English15•1 year agoI have been using this https://github.com/beemdevelopment/Aegis Its great!
edit: I will add that 1password works well too. I use that for work hiajen ( @hiajen@feddit.de ) English3•1 year agoI second aegis
Vexz ( @Vexz@feddit.de ) English1•1 year agoI second Aegis too.
MrTHXcertified ( @MrTHXcertified@kbin.social ) 9•1 year agoAuthy for OTP, Bitwarden for passwords.
As long as my provider shows some concern for the sensitivity of the data I entrust them with, I’m good.
roving6478 ( @roving6478@kbin.social ) 6•1 year agoI use Bitwarden for both passwords and TOTP. So much easier than messing around with multiple apps.
NaN ( @nan@lemmy.blahaj.zone ) 1•1 year agoI trust Bitwarden but putting it all into one place still sketches me out. I only use their TOTP for low impact stuff where convenience trounces security, otherwise it’s Authy with device enrollment off, and on a yubikey.
1bluepixel ( @1bluepixel@kbin.social ) 3•1 year agoYeah, that’s my setup as well. Tech-savvy people tend to have an all-or-nothing attitude to security, but at the end of the day, as soon as you take some extra precautions like using a keygen or activating 2FA, you’re already taking yourself out of the massive pool of targets of opportunity that hackers go for.
sabre3999 ( @sabre3999@kbin.social ) 2•1 year agoSame here, though I’m starting to move my OTP over to Bitwarden as well. Way more convenient - as a developer, I spend a lot of time off my phone. Makes more sense to let Bitwarden manage those so I don’t have to pick up my phone as often.
I’m also slightly distrustful of closed-source Authy, whereas Bitwarden is open source and audited for security by third parties.
Jarmer ( @Jarmer@kbin.social ) 2•1 year agoI didn’t even know bw could do otp?? I’ll have to look into that
hikeandbike ( @hikeandbike@midwest.social ) 1•1 year agoThere’s a reasonable $10/yr subscription to enable TOTP
MrTHXcertified ( @MrTHXcertified@kbin.social ) 1•1 year agoI can see how fishing your phone out for every login would get annoying! In my case, Authy works with my watch so my OTP codes are just a few taps away.
whofearsthenight ( @whofearsthenight@kbin.social ) 1•1 year agoSame setup here, though since i’m on basically all Apple devices when iOS 17 public beta is out I’m going to switch to just using the built in manager. Supports two factor, and the main achilles for me was that I couldn’t share passwords, but that’s fixed for 17.
MrTHXcertified ( @MrTHXcertified@kbin.social ) 2•1 year agoI’ll be sticking with Authy/Bitwarden for the near future since I float between devices of all types – Windows, iOS, Android/ChromeOS… (Not that I mind. It avoids the whole “eggs in one basket situation”).
I am eagerly awaiting greater support for passkeys. Now if only enterprise apps could get on board with that!
Jarmer ( @Jarmer@kbin.social ) 2•1 year agoI’m pretty much in exactly the same situation. I don’t like using authy but haven’t really come across a foss equivalent.
CrescentMadeJr ( @CrescentMadeJr@beehaw.org ) English9•1 year agoAnother vote for bitwarden. They have self host options. I use vaultwarden to self host it.
panbroggi ( @panbroggi@feddit.it ) English9•1 year agoAegis for OTP, Bitwarden with backups from the subscription for passwords.
Xander72 ( @Xander72@lemmy.one ) English1•1 year agoAegis + Barracuda is a great combo. Would defiantly recommend
emk ( @emk@beehaw.org ) English8•1 year agoRaivo OTP for iOS. Open-source and allows easy exporting for backup or migration. I previously felt stuck on Authy but used Raivo’s migration guide.
cjerrington ( @cjerrington@kbin.social ) 2•1 year agoI was going to mention this as well. I went from Google, to Authy, to Raivo OTP and never looked back. Their sync system is great too.
They have a website too with more articles as well https://raivo-otp.com/
DarthSidiousPT ( @DarthSidiousPT@kbin.social ) 1•1 year agoAnother upvote for Raivo!
Jarmer ( @Jarmer@kbin.social ) 1•1 year agoThis is exactly what I’ve been looking for! Thank you so much.
emk ( @emk@beehaw.org ) 2•1 year agoNo problem!
Ryan ( @loadedvegangoat@discuss.tchncs.de ) English8•1 year agoAegis is a good one for Android. I use the totp field in my keepassdx database that I open with a password (or fingerprint) and my yubikey to store my auth codes. I use this with syncthing running on a raspberry pi so it syncs the password database across my phone and all my computers.
Edit: initially said keepassXC I meant keepassdx for the mobile app. Xc is the desktop version.
JCreazy ( @JCreazy@midwest.social ) English7•1 year agoI use andOTP but I didn’t realize it wasn’t in active development. I might give aegis a try. I have a yubikey and once I get a second one I may move everything to that.
TurboRotary ( @TurboRotary@kbin.social ) 3•1 year agoI switched from andOTP to Aegis when I found out about the development and I actually like it more! I was able to import all my saved credentials easily.
haych ( @haych@lemmy.one ) English6•1 year agoI was on Authy, but painfully migrated to Aegis. I keep a backup on my NAS just in case.
I think Authy was the better app, and good with it working on my PC, but Aegis is more secure so that won.
LollerCorleone ( @LollerCorleone@kbin.social ) 5•1 year agoI use andOTP, but will soon be switching to Aegis as andOTP is no longer updated.
sgtgary ( @sgtgary@readit.buzz ) 4•1 year agoiOS now lets you authenticate from within the OS. This is super convenient in the Apple ecosystem, though I’m not sure if it’s the best for security. I do keep my iCloud now fully encrypted.
laxidaisy ( @laxidaisy@kbin.social ) 3•1 year agoI use Authy. Its fine.
pgetsos ( @pgetsos@kbin.social ) 1•1 year agoI also use Authy, it is also very handy having it handle backup on its own and also having easily 2fa from my PC is a killer option
That said, I want to move to a local and OSS one for a long time, but I’m too bored to move so many accounts…
workinkindofhard ( @workinkindofhard@kbin.social ) 3•1 year agoAn nfc enabled Yubikey so I can use it with my phone and computer
Southrydge Freedom ( @southrydge@nerdculture.de ) 2•1 year ago@workinkindofhard @MenacingMight definitely my favorite security tool, I just need to buy a 2nd copy in case I lose mine
2xsaiko ( @2xsaiko@discuss.tchncs.de ) 1•1 year agoSame here. I have two keys (one as backup just in case). I just wish more stuff would support FIDO2 so I don’t need to have as many TOTP keys (since apparently there’s a limit on how many TOTP keys it can store).
gingerman ( @gingerman@lemmy.ca ) 1•1 year agoI have 2 yubi keys for the more important systems and store the rest in bitwarden.
With your 2 yubi keys, is it possible to set one up as a clone of the other? I’ve been manually adding to both keys but that’s a pain when I don’t have the backup with me.
2xsaiko ( @2xsaiko@discuss.tchncs.de ) 1•1 year agoNo, you do have to set them up separately/while you have both on hand. Being able to clone them would kind of defeat their point :)
名探偵 ( @meitantei@lemmy.dbzer0.com ) English3•1 year agoAegis on my phone and also Keepassxc on desktop.
FuyuhikoDate ( @Fuyuhikodate@diggit.xyz ) English3•1 year agoKeepassxc Database with keepassxcxc and yubikey :)
The Moment i learned that i can use totp with keepassxc killed aeges for me :)