I am considering changing to an open source smartphone. However there are some apps that I must have, like authenticator, mobile bank and government apps. Does anyone have any experience with any of these brands, what are they like and also is it possible to install android apps?
Requiring 2FA is a good idea though.
There are plenty of 2FA apps you can use that aren’t made by the government and will work fine on any phone.
2FA isn’t the problem. It’s being required to use a specific app.
My guess would be that a 2FA app from the government is likely using PKI (private + public keys) or something similar, rather than a basic TOTP algorithm. There’s not really a generic app for something like that. Many services are moving away from TOTP since it’s not phishing-resistant.
Nothing is phishing resistant though?
FIDO2 tokens (like Yubikeys and passkeys) can’t be phished.
Yes, it’s as easy as with the TOTP app. A message that says “ok, now tell us the code”
FIDO2/WebAuthn hardware tokens don’t use a code. That’s why they’re phishing resistant. You have to press a hardware token (usually plugged in via USB) to authenticate, but it doesn’t do anything obvious on the screen like type a code. On mobile, these tokens usually use NFC, so you just tap the Yubikey or whatever to the back of your phone.
Ah ok. Last time I had a hardware key it had a little display that showed numbers. I thought yubikey did the same thing.
That’s pretty cool. Ideally I’d get something like a yubikey to unlock my password manager, except I’m not sure how the yubikey is supposed to interact with a desktop computer, especially a shared/public one.
Oh yeah, I had one of those a long time ago for my PayPal account, before smartphones were widespread.
I’m using a Yubikey with my password manager (self-hosted Vaultwarden) and it works well! The Yubikey is a USB device - you can get it either as a USB-C or USB-A. It should work with any desktop PC as long as USB devices are allowed. I’ve got one on my keychain, and a second one stored somewhere safe. Good to have a spare one as a backup just in case the main one dies.