What 2FA app you recommend?

    • KrisNDEnglish
      22 years ago

      I was going to say it but didn’t want to be the only one. I do recommend and use it though.

  • waldenEnglish
    42 years ago

    I’ve been happy with andOTP on Android.

    • I need NOSEnglish
      42 years ago

      It’s good. Just keep in mind that it hasn’t been updated in a while…

      • waldenEnglish
        22 years ago

        I hadn’t even noticed. With all the mentions of Aegis it looks like I was behind the times. Aegis was able to import my andOTP entries so I’ll give it a try.

  • @Elw@lemmy.sdf.org
    12 years ago

    Still use Google Authenticator. I know there are alternatives out there that have other features but I’m a pretty strong believer that my 2FA shouldn’t be backed up digitally. I keep any recovery information offline and prefer it that way.

    • waldenEnglish
      12 years ago

      I’ve used andOTP and now Aegis (as a result of this thread). Neither require cloud backups.

      • WeAreAllOneEnglish
        12 years ago

        I’ve used andotp for like 2 years. Why everyone is suggesting Aegis ? Did you find any major differences?

        • waldenEnglish
          22 years ago

          These apps are all pretty basic. I don’t see any major differences. It’s slightly more modern looking, and it checks a lot of boxes for people as far as being simple, open source, and available through multiple channels (Google Play being one). Apparently andOTP hasn’t had any updates in a while, but a 2FA app shouldn’t need many updates anyway.

          Things I want in a 2FA app:

          1. Can scan QR codes
          2. Categories
          3. Hide all numbers except the one I tap on
          4. Countdown indication
          5. Import/Export

          andOTP and Aegis both do all of this.

  • @Harrison@infosec.pub
    82 years ago

    Android is easy, Aegis.

    IOS is much harder. Right now, probably “2FAs”. Authy is owned by Twilio, Raivo was just bought out by an advertising company, and the others are either too small to get the exposure required for any level of security or charge for the feature.

    • westingham
      42 years ago

      I’m out of the loop, why is Authy being owned by Twilio a bad thing?

      • @Harrison@infosec.pub
        52 years ago

        It’s less that Twilio specifically owns it than problems resulting from corporate ownership. Briefly:

        1. You can’t get your data out of Authy. Actually you can, but it’s a long annoying process involving installing an out of date chrome extension and using developer tools.
        2. Privacy issues. Authy links a lot of data including location to your identity.
        3. Authy supports SMS account recovery (which is inherently insecure) and doesn’t allow users to disable it.
  • LerajeEnglish
    282 years ago

    For Android, Aegis. You can get it it on Play, on one of the numerous *-Droid sources or straight from GitHub with Obtanium.

    Simple to use, open source, does encrypted exports which I regularly backup (along with Bitwarden and SimpleNotes exports) to one of these (Amazon link). It’s perfect for me.

      • vegyk0z6
        82 years ago

        Moved to Raivo earlier this year and it’s great. Unfortunately it was just sold to a private company, so I’m looking for alternatives. From the replies here, might try 2FAs

  • ExtrasEnglish
    22 years ago

    For ios used to say raivo but i would honestly just make a kdbx file just for your totp seeds only and then use something like keepassium or strong box. I think those allow cloud syncing too but im not sure still keep local backups

  • Chemical WonkaEnglish
    122 years ago

    Undoubtedly Aegis for Android, because it has the easiest way to backup your codes. Excellent! And it is open source without internet connection.

  • @cheese_greater@lemmy.worldEnglish
    92 years ago

    I recommend KeePass and I encourage everyone to consider it given its platform-agnostic portable format. What happened to Raivo cannot happen to KeePass and its more of a universal solution as opposed to 1) Android: Aegis 2) iOS: Tofu or OTP etc.

    All of those are very good apps but the problem remains that they all have their own peculiar/specific format that doesn’t necessarily play nice with any other app. KeePass is a convention/format that doesn’t really vary between implementations.

    Edit: It also allows for choice in whether to keep it local or to safey sync in your choice of cloud service without exposing the contents unencrypted. If you don’t want to manage any of that, I would recommend Bitwarden and paying the $10 once and see if you’re still fine the next year without having to resubscribe if thats a problem for you.

    • @poring@lemm.eeEnglish
      32 years ago

      The problem here would be storing your passwords along with your 2fa. You’re basically giving away every information needed to enter your accounts in case someone get access to your vault.

      The best option would probably be using both KeePass and BitWarden. You store your passwords in one and your 2fa in the other.