If a proprietary app is better and more robust, I am willing to try it and assess it myself.

  • GadgeteerZA@beehaw.org · 11 months ago

    Bitwarden, and it’s fully cross-platform. I like that it auto-copies the 2FA PIN to the clipboard after filling in the login, which cuts out extra clicks and copy movements.

    • lud@lemm.ee · 10 months ago

      Kinda makes two-factor authentication useless, as they are both stored in the same place.

      • GadgeteerZA@beehaw.org · 10 months ago

        I think it is more about passwords being accessible after hacks etc. What you are referring to is if Bitwarden were to be hacked, both are accessible. Online Bitwarden has securely hashed all the data, so that is pretty useless if anyone gets it. On my devices I use biometric login, and on desktop a Yubikey as 2FA into Bitwarden. I also have it set to request login every time the browser is restarted, just in case someone were to steal the session data from the browser.

        But your point is very valid if a user were to have a weak password for their Bitwarden, or not to have a good 2FA for their Bitwarden login. You want to keep that basket of eggs as safe as you can.

        • lud@lemm.ee · 10 months ago

          The whole point of 2FA is for them to be completely separate.

          • GadgeteerZA@beehaw.org · 10 months ago

            But if access to the combination of the two requires a separate 2FA (my Yubikey), then it is virtually separated. It is not just one password and you are inside Bitwarden. One could argue otherwise, that having a 2FA app on the same phone as your password manager is also not separate, if the same PIN/biometric gives access to that phone with the two apps on it.

    • gressen@lemm.ee · 11 months ago

      “Authenticator key (TOTP) storage is available to all accounts. TOTP code generation requires premium or membership to a paid organization (families, teams, or enterprise).”

  • I need NOS@lemm.ee · 11 months ago

    Does anyone have any suggestion for iOS? Raivo seems to have fallen from grace recently.

  • 𝒎𝒂𝒏𝒊𝒆𝒍@lemmy.ml · 11 months ago

    When it comes to proprietary apps, Authy is nice; it offers synchronisation between devices, but yeah, it involves the cloud (someone’s computer) and you need to give them your phone number, so that’s for privacy. In the end you might as well use Google Authenticator, it syncs between devices too. It’s about who you trust more.

    • r_se_random@sh.itjust.works · 11 months ago

      For people downvoting, please share your reasons for it. If there’s something wrong with the product, sharing that info would be helpful.

    • styx@beehaw.org · 11 months ago

      I am not a big fan of storing the passwords and 2FA together, since if it is compromised, you lose both layers at the same time. But the alternative is not so convenient. But then in security, it is always a balance between the two.

      • badelf@lemmy.ml · 10 months ago

        True, true. But the auth apps I’ve seen don’t appear to be secure. So if you lose your phone…

        And I don’t like a hardware key because I’m afraid I’ll lose it.

        • styx@beehaw.org · 10 months ago

          I have a two-layer system in place:

          1. I use Aegis; I have automatic encrypted backups, and Syncthing to synchronize the backups to my private server. If I need to reconfigure Aegis, I just import the backup.

          2. I have 2FA backup codes as encrypted text files, which are also synced to my server with Syncthing. I have the encryption/decryption software installed on my phone and Windows, so I can use a backup code if I don’t have access to Aegis.

          One issue was that I had to write my own apps for Windows and Android for encrypting/decrypting the text files 😃. You can check them on GitHub: https://github.com/mcanyucel/TextCrypt-Windows and https://github.com/mcanyucel/textcrypt-android

          They use SHA256 with random IV and random salt. No warranties, though 😅

          • badelf@lemmy.ml · 10 months ago

            Damn! I hope I don’t have to be quite that careful. I travel a lot so I really only worry about the USA border guards. 😒

          • Adda@lemmy.ml · 11 months ago

            Thank you for the information. I am using Aegis and will not move away from it – I have no reason to. I am completely content with the features it provides. However, I want to look at Authenticator Pro to see how it works, what features it brings and in general, how good the application is. If I like what I see, I will be able to provide an alternative to Aegis when I suggest a TOTP application for someone. I hope Authenticator Pro is great, so I can recommend it with confidence.

      • charje@lemmy.ml · 11 months ago (edited)

        I know it is an unpopular opinion, but it is a huge headache in general. I don’t think the theoretical benefits (which make total sense) actually pay off in reality and are worth the extra headache. I’m not saying they should not have it at all, but it should at least be opt-out instead of forced.

        In the case of GitHub, I think it is part of their long drawn-out plan of data collection and proprietary lock-down. Next they are going to require your house address and government ID. I feel better using a free and open source platform anyway.