I’ve always been of the mindset that storing your 2fa next to your passwords at least partially defeats the purpose of 2fa.
The two types of attacks I worry about would be a hacked/leaked password from a third party site, or your password manager being compromised. While the latter is far less likely, it is still something I’d like to protect myself from as much as possible.
If my password manager is compromised, I’m well and truly fucked. If one site has shitty security (odds of which are approximately 1), having 2FA might help.
This shouldn’t be the case. Using password manager shouldn’t mean you only have one password, it should mean you have less password to remember. I use password manager for all the insignificant pages/apps like lemmy, strava, netflix, spotify. If someone hacks them they can cancel my subscription and that’s about it. I don’t store password for my email, bank or amazon in my password manager.
Las time I checked those that require a Microsoft or other propietary authenticator app that isn’t Google’s. They would force you to first use that propietary app and later export to Aegis. Correct me if I’m wrong, of course.
Just checked, you’re right about Google. Microsoft does allow you to use any app though. It’s funny that the “EEE” Microsoft is less anti-user than the “Don’t be evil” Google. But anyway, seeing how Google locks it down, I’m sure there must be others too. So you’re right
I was referring to other services requiring specific propietary authenticator apps. Many sites will be compatible with Aegis even if they don’t mention apps other than their own in their step-by-step guide.
Have you tried? If it isn’t compatible through scan or manual code input the 2FA setup simply won’t finish.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !privacyguides@lemmy.one
In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.
This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.
You can subscribe to this community from any Kbin or Lemmy instance:
Check out our website at privacyguides.org before asking your questions here. We’ve tried answering the common questions and recommendations there!
Want to get involved? The website is open-source on GitHub, and your help would be appreciated!
This community is the “official” Privacy Guides community on Lemmy, which can be verified here. Other “Privacy Guides” communities on other Lemmy servers are not moderated by this team or associated with the website.
Moderation Rules:
We prefer posting about open-source software whenever possible.
No soliciting engagement: Don’t ask for upvotes, follows, etc.
Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
Be civil, no violence, hate speech. Assume people here are posting in good faith.
Don’t repost topics which have already been covered here.
News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
No help vampires: This is not a tech support subreddit, don’t abuse our community’s willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
No misinformation: Extraordinary claims must be matched with evidence.
Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.
iOS Authenticator Open source no frills 2fa
https://mattrubin.me/authenticator/
deleted by creator
2FAS or Ente Auth.
Did anyone say Aegis?
I say Aegis… He he, great app
I was going to say it but didn’t want to be the only one. I do recommend and use it though.
BitWarden. :)
Then what do you use for your password manager?
I’ve always been of the mindset that storing your 2fa next to your passwords at least partially defeats the purpose of 2fa.
The two types of attacks I worry about would be a hacked/leaked password from a third party site, or your password manager being compromised. While the latter is far less likely, it is still something I’d like to protect myself from as much as possible.
I’m using BW for both passwords and 2FA and have Yubikey set up for BitWarden.
If my password manager is compromised, I’m well and truly fucked. If one site has shitty security (odds of which are approximately 1), having 2FA might help.
This shouldn’t be the case. Using password manager shouldn’t mean you only have one password, it should mean you have less password to remember. I use password manager for all the insignificant pages/apps like lemmy, strava, netflix, spotify. If someone hacks them they can cancel my subscription and that’s about it. I don’t store password for my email, bank or amazon in my password manager.
2fas. aegis is great but it has no automatic google drive backup.
deleted by creator
It does have automatic Android cloud backups and does support local backups, which also supports backing up to Nextcloud.
android cloud backups are unreliable.
They’re very reliable from my experience
Posted on privacy and you recommended google drive
it doesn’t matter where it’s stored as long as it’s encrypted. Google obviously can’t look inside aes/password-encrypted backups
Aegis, even if some services won’t support it you’re better off not supporting those services.
Which services aren’t supported?
Las time I checked those that require a Microsoft or other propietary authenticator app that isn’t Google’s. They would force you to first use that propietary app and later export to Aegis. Correct me if I’m wrong, of course.
Just checked, you’re right about Google. Microsoft does allow you to use any app though. It’s funny that the “EEE” Microsoft is less anti-user than the “Don’t be evil” Google. But anyway, seeing how Google locks it down, I’m sure there must be others too. So you’re right
I was referring to other services requiring specific propietary authenticator apps. Many sites will be compatible with Aegis even if they don’t mention apps other than their own in their step-by-step guide. Have you tried? If it isn’t compatible through scan or manual code input the 2FA setup simply won’t finish.
Aegis.
I’ve been using Aegis Authenticator for about two years now . It is free and open-source, and works as expected.
Aegeis, like everyone else here lol
Authy or your preferred password manager
I also use authy, curious as to why I had to scroll so far to see it?
https://piped.video/watch?v=JHIAIzOPz3I&t=201
Undoubtedly Aegis for Android, because it has the easiest way to backup your codes. Excellent! And it is open source without internet connection.
deleted by creator
Yubikey authenticator
Aegis for android it’s the best , been using it for like 2 years now.