I use Bitwarden (I know opinions are split when it comes to passwords and 2FA being in separate apps). But I like the convenience of it all being in one platform.
I also like Raivo, you can import/export them too.
I use bitwarden and only put totp codes in it for “low risk” uses. Like say…a Reddit account.
Things like email accounts or ones associated with banks etc. I keep in Google Authenticator (not synced to the cloud)
I also keep a spare phone with the google auth totp codes loaded in case I lose my phone.
At the service level I also keep backup codes or use a yubikey when possible. So even MFA at the account level often has options, even if it’s “my phone is across the room and I’m too lazy, backup code time”
You can set Bitwarden to require your master password for higher security logins. I keep a separate vault for work and personal things... Everything in my work vault requires its master password to use them. The OTPs are useless without credentials, and you need the master password to get at those even when the vault is unlocked. YMMV but to me, this was "good enough" to ensure a separation of concerns between low and high risk.
I also use Bitwarden both for passwords and TOTP. I secure it with password + Yubikey. Works well enough it seems! If I ever have any concerns I'll move TOTP to Aegis in a heartbeat though.
I have been using this https://github.com/beemdevelopment/Aegis
It's great!
edit: I will add that 1password works well too. I use that for work
I second Aegis
Aegis for OTP, Bitwarden with backups from the subscription for passwords.
Authy for OTP, Bitwarden for passwords.
As long as my provider shows some concern for the sensitivity of the data I entrust them with, I’m good.
I use Bitwarden for both passwords and TOTP. So much easier than messing around with multiple apps.
Yeah, that's my setup as well. Tech-savvy people tend to have an all-or-nothing attitude to security, but at the end of the day, as soon as you take some extra precautions like using a keygen or activating 2FA, you're already taking yourself out of the massive pool of targets of opportunity that hackers go for.
Same here, though I'm starting to move my OTP over to Bitwarden as well. Way more convenient - as a developer, I spend a lot of time off my phone. Makes more sense to let Bitwarden manage those so I don't have to pick up my phone as often.
I'm also slightly distrustful of closed-source Authy, whereas Bitwarden is open source and audited for security by third parties.
Another vote for bitwarden. They have self host options. I use vaultwarden to self host it.
Aegis is a good one for Android. I use the totp field in my keepassdx database that I open with a password (or fingerprint) and my yubikey to store my auth codes. I use this with syncthing running on a raspberry pi so it syncs the password database across my phone and all my computers.
Edit: initially said keepassXC I meant keepassdx for the mobile app. Xc is the desktop version.
Raivo OTP for iOS. Open-source and allows easy exporting for backup or migration. I previously felt stuck on Authy but used Raivo's migration guide.
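Since several posts in this thread talk about exporting, backing up and migrating codes between apps, here is a short added example (not from this thread, and not code from Raivo, Aegis, Bitwarden or any other app named here) of what actually moves between them: an otpauth:// URI carrying a base32 seed, which any RFC 6238 implementation turns into the same six-digit code. The URI below is constructed for illustration; its secret is the RFC 6238 published test seed and the service and account names are made up.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Constructed example of the otpauth:// URI that authenticator apps emit on
# export. The secret is RFC 6238's published test seed ("12345678901234567890"
# in base32), and ExampleService / alice@example.org are made up.
EXAMPLE_URI = (
    "otpauth://totp/ExampleService:alice%40example.org"
    "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=ExampleService"
    "&algorithm=SHA1&digits=6&period=30"
)


def hotp(key: bytes, counter: int, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 4226 HOTP: HMAC the big-endian counter, dynamic-truncate, mod 10^digits."""
    msg = struct.pack(">Q", counter)
    mac = hmac.new(key, msg, getattr(hashlib, algo)).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, unix_time: int, digits: int = 6, period: int = 30,
         algo: str = "sha1") -> str:
    """RFC 6238 TOTP: HOTP over the current time-step number."""
    return hotp(key, unix_time // period, digits, algo)


def verify(key: bytes, code: str, unix_time: int, window: int = 1,
           digits: int = 6, period: int = 30, algo: str = "sha1") -> bool:
    """Server-side check: accept the code for the current step and +/- `window`
    neighbouring steps to tolerate clock drift, comparing in constant time."""
    step = unix_time // period
    return any(
        hmac.compare_digest(hotp(key, step + d, digits, algo), code)
        for d in range(-window, window + 1)
    )


def parse_otpauth(uri: str) -> dict:
    """Pull the fields an importing app needs out of an otpauth://totp/ URI."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not an otpauth://totp/ URI")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    secret = q["secret"].upper().replace(" ", "")
    # Exporters usually strip base32 padding; restore it before decoding.
    secret += "=" * (-len(secret) % 8)
    return {
        "label": unquote(u.path.lstrip("/")),
        "issuer": q.get("issuer", ""),
        "key": base64.b32decode(secret),
        "algo": q.get("algorithm", "SHA1").lower(),
        "digits": int(q.get("digits", 6)),
        "period": int(q.get("period", 30)),
    }


def code_from_uri(uri: str, unix_time: int) -> str:
    """Generate the current code straight from an exported URI."""
    p = parse_otpauth(uri)
    return totp(p["key"], unix_time, p["digits"], p["period"], p["algo"])


if __name__ == "__main__":
    p = parse_otpauth(EXAMPLE_URI)
    print(p["label"], "via", p["issuer"], "-", len(p["key"]), "byte seed")
    print("current code:", code_from_uri(EXAMPLE_URI, int(time.time())))
```

The point for backups: the seed in that URI is the whole secret. Whoever holds an export holds every future code, which is why the export file deserves the same protection as the password vault, and why a "lost phone" is recoverable only if that seed (or the service's backup codes) was saved somewhere else beforehand.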
I was going to mention this as well. I went from Google, to Authy, to Raivo OTP and never looked back. Their sync system is great too.
They have a website too with more articles as well https://raivo-otp.com/
I use andOTP but I didn't realize it wasn't in active development. I might give aegis a try. I have a yubikey and once I get a second one I may move everything to that.
I switched from andOTP to Aegis when I found out about the development and I actually like it more! I was able to import all my saved credentials easily.
I was on Authy, but painfully migrated to Aegis. I keep a backup on my NAS just in case.
I think Authy was the better app, and good with it working on my PC, but Aegis is more secure so that won.
I use andOTP, but will soon be switching to Aegis as andOTP is no longer updated.
iOS now lets you authenticate from within the OS. This is super convenient in the Apple ecosystem, though I’m not sure if it’s the best for security. I do keep my iCloud now fully encrypted.
KeePassXC database with KeePassXC and YubiKey :)
The moment I learned that I can use TOTP with KeePassXC killed Aegis for me :)
Aegis on Android, Raivo on iOS
An NFC-enabled YubiKey so I can use it with my phone and computer
@workinkindofhard @MenacingMight definitely my favorite security tool, I just need to buy a 2nd copy in case I lose mine
Aegis on my phone and also Keepassxc on desktop.
I usually just use KeePassXC, which is open source and self hosted (kinda). It's synced over onedrive, though something like syncthing would work fine too.
No backups per-se, but onedrive should handle accidentally deleted files, and the database is on a few machines anyway so the chances of anything permanently happening to all copies are rather slim.
I use Aegis for important apps and store all non-critical ones in vaultwarden. It's a good trade-off in my opinion of having the convenience for less important things but still be secure and not having a single point of compromise for my critical, sensitive apps.
I use Google Authenticator with no backup. I religiously store my backup codes in my password manager. I'll probably switch to a different app soon, since I'm not a fan of the recent Google Authenticator changes.
Currently EnPass which I sync via Google Drive across all my devices, but I'm in the process of migrating to VaultWarden (self hosted) which I'll access remotely via Wireguard if I need to when I'm out and about
I use aegis for totp which has automatic backups to android cloud (Google Drive but only accessible for the app that created the folder) and for important accounts that support it I have a yubikey as well
My passwords are saved in vaultwarden
KeePassXC for me…
andOTP for me
I use Microsoft Authenticator. I hadn't looked into open source options at the time when I needed one and it was the most immediately apparent alternative to the Google Authenticator on the Play Store.
I use Aegis for 2FA and keepassdx for password management. Syncthing keeps everything synced across devices without any effort on my part.
After my Authy fiasco, I use Authenticator Pro, Zoho OneAuth, and Microsoft Authenticator.
Auth Pro is my main (auto backup to Nextcloud). The other apps are for redundancy.
I use KeePass (yes, I am fully aware having the password and second factor together is bad). The only defense I have is that my database is never uploaded to the cloud and is synced either via flash drive or Syncthing. Also my master password is over 20 characters with lower, capital, numbers, and symbols.
I have the same setup. But you can avoid the risk of both being in the same place by having a passwords-only DB on your PC and a TOTP/Auth-only one on your phone (or also on the PC but with a different master pass and usually closed)
I use both Aegis and VaultWarden (self-hosted). Both can be backed up locally or synced.
I usually use authy for 2fa and bitwarden for passwords
Started with self hosting Vaultwarden
Moved onto an annual family subscription to Bitwarden
I use the open source BitWarden password manager as a self hosted service and I am using its otp feature as it is really handy
I'm using Google Authenticator. It was recommended by Discord and FACEIT at the time. FACEIT didn't let me queue for any CS:GO matches unless I had it. I don't know if I have the option to switch, but if I can... should I?