What authenticator app do you use? How do you back up? Any open source self hosted options?

    • animist
      7
      2 years ago

      +1 for Aegis. Keep my secret codes in an encrypted backup file just in case.

    • @[email protected]
      4
      2 years ago

      Aegis is what I use too. I feel more comfortable with local backups which is why I went for it over those with cloud sync integration.

    • Dusty
      2
      2 years ago

      I switched to Aegis a while ago, it’s been one of the best apps I’ve used for authentication. I was using Authelia for a long time before that but my backup stopped working unbeknownst to me. I found out while doing a regular backup/restore test it had borked itself.

  • @[email protected]
    21
    2 years ago

    I use Bitwarden (I know opinions are split when it comes to passwords and 2FA being in separate apps). But I like the convenience of it all being in one platform.

    I also like Raivo, you can import/export them too.

    • sabre3999
      6
      2 years ago

      You can set Bitwarden to require your master password for higher security logins. I keep a separate vault for work and personal things… Everything in my work vault requires its master password to use them. The OTPs are useless without credentials, and you need the master password to get at those even when the vault is unlocked. YMMV but to me, this was “good enough” to ensure a separation of concerns between low and high risk.

      • @DarthRedLeader
        1
        2 years ago

        This is the first time I’m hearing about this feature and am interested. But I feel like it would be better to use a different password than your master for these higher security logins. The thought being that, if someone has access to your passwords, they likely have access to your master password as well, unless they had access to an already unlocked vault.

    • Freeman
      5
      2 years ago

      I use Bitwarden and only put TOTP codes in it for “low risk” uses. Like say…a Reddit account.

      Things like email accounts or ones associated to bank etc I keep in Google Authenticator (not synced to the cloud).

      I also keep a spare phone with the Google Auth TOTP codes loaded in case I lose my phone.

      At the service level I also keep backup codes or use a Yubikey when possible. So even MFA at the account level often has options, even if it’s “my phone is across the room and I’m too lazy, backup code time”.

    • kalipike
      1
      2 years ago

      I also use Bitwarden both for passwords and TOTP. I secure it with password + Yubikey. Works well enough it seems! If I ever have any concerns I’ll move TOTP to Aegis in a heartbeat though.

    • @[email protected]
      1
      2 years ago

      That looks great! I won’t be able to switch though because I need it to work across everything, and sadly it doesn’t have web or Windows apps, which I would need for my day at work (since I can’t have my phone on me at work).

  • MrTHXcertified
    13
    2 years ago

    Authy for OTP, Bitwarden for passwords.

    As long as my provider shows some concern for the sensitivity of the data I entrust them with, I’m good.

    • roving6478
      8
      2 years ago

      I use Bitwarden for both passwords and TOTP. So much easier than messing around with multiple apps.

      • NaN
        1
        2 years ago

        I trust Bitwarden but putting it all into one place still sketches me out. I only use their TOTP for low impact stuff where convenience trounces security, otherwise it’s Authy with device enrollment off, and on a Yubikey.

    • 1bluepixel
      4
      2 years ago

      Yeah, that’s my setup as well. Tech-savvy people tend to have an all-or-nothing attitude to security, but at the end of the day, as soon as you take some extra precautions like using a keygen or activating 2FA, you’re already taking yourself out of the massive pool of targets of opportunity that hackers go for.

    • sabre3999
      3
      2 years ago

      Same here, though I’m starting to move my OTP over to Bitwarden as well. Way more convenient - as a developer, I spend a lot of time off my phone. Makes more sense to let Bitwarden manage those so I don’t have to pick up my phone as often.

      I’m also slightly distrustful of closed-source Authy, whereas Bitwarden is open source and audited for security by third parties.

      • Jarmer
        2
        2 years ago

        I didn’t even know BW could do OTP?? I’ll have to look into that.

      • MrTHXcertified
        1
        2 years ago

        I can see how fishing your phone out for every login would get annoying! In my case, Authy works with my watch so my OTP codes are just a few taps away.

    • whofearsthenight
      1
      2 years ago

      Same setup here, though since I’m on basically all Apple devices, when iOS 17 public beta is out I’m going to switch to just using the built-in manager. Supports two factor, and the main Achilles for me was that I couldn’t share passwords, but that’s fixed for 17.

      • MrTHXcertified
        2
        2 years ago

        I’ll be sticking with Authy/Bitwarden for the near future since I float between devices of all types – Windows, iOS, Android/ChromeOS… (Not that I mind. It avoids the whole “eggs in one basket situation”).

        I am eagerly awaiting greater support for passkeys. Now if only enterprise apps could get on board with that!

        • Jarmer
          2
          2 years ago

          I’m pretty much in exactly the same situation. I don’t like using Authy but haven’t really come across a FOSS equivalent.

  • @[email protected]
    9
    2 years ago

    I was on Authy, but painfully migrated to Aegis. I keep a backup on my NAS just in case.

    I think Authy was the better app, and good with it working on my PC, but Aegis is more secure so that won.

  • Ryan
    9
    2 years ago

    Aegis is a good one for Android. I use the TOTP field in my KeePassDX database that I open with a password (or fingerprint) and my Yubikey to store my auth codes. I use this with Syncthing running on a Raspberry Pi so it syncs the password database across my phone and all my computers.

    Edit: initially said KeePassXC, I meant KeePassDX for the mobile app. XC is the desktop version.

  • @[email protected]
    8
    2 years ago

    I use Vaultwarden server with the Bitwarden app for all passwords and 2FA keys in one app.

  • @DarthRedLeader
    8
    2 years ago

    I use Aegis, which automatically backs up with each change to the database to a folder that gets synced to a couple of different computers via Syncthing.

    For backup codes, I have a separate KeePass database that’s backed up to a couple of places. I thought about using Bitwarden for this backup, but having my 2FA backups in the same place as my passwords kinda defeated the point, IMO.

    Anyway, this system has worked well for me.

  • @[email protected]
    8
    2 years ago

    I use andOTP but I didn’t realize it wasn’t in active development. I might give Aegis a try. I have a Yubikey and once I get a second one I may move everything to that.

    • TurboRotary
      4
      2 years ago

      I switched from andOTP to Aegis when I found out about the development and I actually like it more! I was able to import all my saved credentials easily.

  • @divinely_splashingB
    7
    2 years ago

    Yubico Authenticator and Aegis depending on the importance of the account. I have a secondary Yubikey for quick access backups and a KeePass database exclusively for my TOTP keys that I back up to my Nextcloud server in real time with versioning. Similarly, I back up my Aegis backups with the Nextcloud app.

    • Widget
      3
      2 years ago

      Only downside with Yubikeys is that you can’t really have backups. The solution is to have two of them, and add the 2FAs to each of them every time you sign up for a new account. It does mean you pretty much can’t have offsite backups though.

      Personally I keep a USB-A with NFC one on my keyring and then a USB-C one at my desk, which covers every device I have.

    • @[email protected]
      1
      2 years ago

      Exact same setup!! I have 2 keys, one on my keychain, one in my safe! My TOTP is thru Yubico Authenticator, and some are in Aegis.