Authenticator App - Lemmy.one

What authenticator app do you use? How do you backup? Any open source self hosted options?

I have been using this: https://github.com/beemdevelopment/Aegis. It's great!
I also use Aegis, it has worked well. For backups I have it export automatically to a folder that is synced to a cloud file service.
I second Aegis too.
For iOS I use Raivo. https://apps.apple.com/us/app/raivo-otp/id1459042137
Same. Switched over from Authy recently and I highly recommend it!
I love the macOS clipboard feature.
That looks great! I won’t be able to switch though because I need it to work across everything, and sadly it doesn’t have web or Windows apps, which I would need for my day at work (since I can’t have my phone on me at work)
https://github.com/dani-garcia/vaultwarden with the official Bitwarden App/Firefox extension
Wrote a script to be able to use it with rbw and Wofi/Rofi.
GitHub - doy/rbw: unofficial bitwarden cli

I use KeePass (yes, I am fully aware having the password and second factor together is bad). The only defense I have is that my database is never uploaded to the cloud and is synced either via flash drive or Syncthing. Also my master password is over 20 characters with lower, capital, numbers, and symbols.
I have the same setup. But you can avoid the risk of both being in the same place by having a passwords only DB on your pc and a TOTP/Auth only in your phone (or also in PC but with different master pass and usually closed)
Yeah, I currently do something similar to this. I'm actually thinking of getting a pair of physical hardware keys/authenticators. That way I can toss one in a safe deposit box, if I should randomly end up dead while climbing a mountain pass.
Well, TIL it’s not a good idea to have passwords and 2FA in the same place. I use 1Password and have had almost all my 2FA’s in there since they added support for it.
I use Aegis for important apps and store all non-critical ones in vaultwarden. It's a good trade-off in my opinion of having the convenience for less important things but still be secure and not having a single point of compromise for my critical, sensitive apps.
MS Authenticator and 2fast as a backup. I would never rely on a single app: its database could get corrupted or removed, if it is online, it could stop working or get removed from store, etc.
GitHub - 2fast-team/2fast: Two-Factor Authenticator Supporting TOTP (Windows 10 & Android, iOS, Linux and macOS App)

Aegis is a good one for Android. I use the totp field in my keepassxc database that I open with a password (or fingerprint) and my yubikey to store my auth codes. I use this with syncthing running on a raspberry pi so it syncs the password database across my phone and all my computers.
andOTP for me
I will second this. Lightweight, does only what you need. Bonus points for being on F-Droid.

I used Bitwarden for a while because I liked having everything on one app. A bug with their service made me spend a day without my 2FA codes, and if your subscription fails to renew by accident they also lock the codes. Noped right out of there.

I now use Google Authenticator. Nothing special, not going to be the favorite comment on a privacy community... But it works, is free, syncs across devices, is guaranteed to work well on Android. Super simple.

You can use custom Vaultwarden instances for unfettered access to Bitwarden 2fa, I host an instance myself
I've started using Ente Auth, I like its design and how it shows you the "next" code in case the current one is about to expire.
I'm using Google Authenticator. It was recommended by Discord and FACEIT at the time. FACEIT didn't let me queue for any CS:GO matches unless I had it. I don't know if I have the option to switch, but if I can... should I?
I use Authy. It's fine.

I also use Authy, it is also very handy having it handle backup on its own and also having easily 2fa from my PC is a killer option

That said, I've wanted to move to a local and OSS one for a long time, but I'm too bored to move so many accounts.

iOS now lets you authenticate from within the OS. This is super convenient in the Apple ecosystem, though I’m not sure if it’s the best for security. I do keep my iCloud now fully encrypted.

I use Bitwarden (I know opinions are split when it comes to passwords and 2FA being in separate apps). But I like the convenience of it all being in one platform.

I also like Raivo, you can import/export them too.

I use bitwarden and only put totp codes in it for “low risk” uses.

Things like email accounts or ones associated with a bank etc. I keep in Google Authenticator (not synced to the cloud)

I also keep a spare phone with the google auth totp codes loaded in case I lose my phone.

You can set Bitwarden to require your master password for higher security logins. I keep a separate vault for work and personal things... Everything in my work vault requires its master password to use them. The OTPs are useless without credentials, and you need the master password to get at those even when the vault is unlocked. YMMV but to me, this was "good enough" to ensure a separation of concerns between low and high risk.
This is the first time I'm hearing about this feature and am interested. But I feel like it would be better to use a different password than your master for these higher security logins. The thought being that, if someone has access to your passwords, they likely have access to your master password as well, unless they had access to an already unlocked vault.
I also use Bitwarden both for passwords and TOTP. I secure it with password + Yubikey. Works well enough it seems! If I ever have any concerns I'll move TOTP to Aegis in a heartbeat though.
I use andOTP, but will soon be switching to Aegis as andOTP is no longer updated.
there's a fork of andOTP, theOTPPlus.
GitHub - helloworld1/FreeOTPPlus: Enhanced fork of FreeOTP-Android providing a feature-rich 2FA authenticator

Interesting, thanks for letting me know!
I use Vaultwarden server with the Bitwarden app for all passwords and 2fa keys in one app
An nfc enabled Yubikey so I can use it with my phone and computer
Same here. I have two keys (one as backup just in case). I just wish more stuff would support FIDO2 so I don't need to have as many TOTP keys.

I have 2 yubi keys for the more important systems and store the rest in bitwarden.

With your 2 yubi keys, is it possible to set one up as a clone of the other? I've been manually adding to both keys but that's a pain when I don't have the backup with me.

No, you do have to set them up separately/while you have both on hand. Being able to clone them would kind of defeat their point :)
Another vote for bitwarden. They have self host options. I use vaultwarden to self host it.
I usually use authy for 2fa and bitwarden for passwords
Raivo OTP for iOS. Open-source and allows easy exporting for backup or migration. I previously felt stuck on Authy but used Raivo's migration guide.
History for LICENSE.md - raivo-otp/ios-application


I was going to mention this as well. I went from Google, to Authy, to Raivo OTP and never looked back. Their sync system is great too.

They have a website too with more articles as well https://raivo-otp.com/

Raivo OTP. Simply the best authenticator.

A native, lightweight, non-commercial and secure multi-factor authenticator that synchronises your one-time passwords across all of your Apple devices.

Another upvote for Raivo!
This is exactly what I’ve been looking for! Thank you so much.
i use aegis, it is open source and does not have internet access. you can export and import your secret codes and it has an automatic local backup. it automatically creates a backup of the vault to external storage when changes are made. to backup my vault i use rclone with encryption to backup it to google drive. i also made a termux shortcut script that makes a copy of my vault to sd card.
GitHub - beemdevelopment/Aegis: A free, secure and open source app for Android to manage your 2-step verification tokens.

+1 for aegis. Keep my secret codes in an encrypted backup file just in case
Aegis is what I use too. I feel more comfortable with local backups which is why I went for it over those with cloud sync integration.
I switched to Aegis a while ago, it's been one of the best apps I've used for authentication. I was using Authelia for a long time before that but my backup stopped working unbeknownst to me. I found out while doing a regular backup/restore test it had borked itself.
I use andOTP but I didn't realize it wasn't in active development. I might give aegis a try. I have a yubikey and once I get a second one I may move everything to that.
I switched from andOTP to Aegis when I found out about the development and I actually like it more! I was able to import all my saved credentials easily.
there's a fork of andOTP, here's the github repo: andOTPPlus. aegis is also awesome, i use it.
GitHub - helloworld1/FreeOTPPlus: Enhanced fork of FreeOTP-Android providing a feature-rich 2FA authenticator

I use Microsoft Authenticator. I hadn't looked into open source options at the time when I needed one and it was the most immediately apparent alternative to the Google Authenticator on the Play Store.

I use Microsoft Authenticator for work because of its integration with Microsoft 365. I hate the new "here, enter this two-digit number in the Authenticator app on your phone" pop-up, though I do understand the reasoning behind it.

Outside of work it's Authy, though.

I use Microsoft Authenticator as well - I’m on iOS and it’s the only app I found that has Cloud Sync which comes in really handy when I change phones.

I believe iOS Passwords also supports OTPs but the UX of the passwords app always felt a bit clunky to me.