What authenticator app do you use? How do you back up? Any open-source, self-hosted options?

  • pvr@beehaw.org · ↑22 ↓1 · 2 years ago

    I use Bitwarden (I know opinions are split when it comes to passwords and 2FA being in separate apps). But I like the convenience of it all being in one platform.

    I also like Raivo, you can import/export them too.

    • sabre3999@kbin.social · ↑6 · 2 years ago

      You can set Bitwarden to require your master password for higher security logins. I keep a separate vault for work and personal things… Everything in my work vault requires its master password to use them. The OTPs are useless without credentials, and you need the master password to get at those even when the vault is unlocked. YMMV but to me, this was “good enough” to ensure a separation of concerns between low and high risk.

      • DarthRedLeader@lemmy.world · ↑1 · 2 years ago

        This is the first time I’m hearing about this feature and am interested. But I feel like it would be better to use a different password than your master for these higher security logins. The thought being that, if someone has access to your passwords, they likely have access to your master password as well, unless they had access to an already unlocked vault.

    • Freeman@lemmy.pub · ↑5 · 2 years ago (edited)

      I use Bitwarden and only put TOTP codes in it for “low risk” uses. Like say…a Reddit account.

      Things like email accounts or ones associated to bank etc. I keep in Google Authenticator (not synced to the cloud).

      I also keep a spare phone with the Google Auth TOTP codes loaded in case I lose my phone.

      At the service level I also keep backup codes or use a YubiKey when possible. So even MFA at the account level often has options, even if it’s “my phone is across the room and I’m too lazy, backup code time”.

    • kalipike@lemmy.one · ↑1 · 2 years ago

      I also use Bitwarden both for passwords and TOTP. I secure it with password + YubiKey. Works well enough it seems! If I ever have any concerns I’ll move TOTP to Aegis in a heartbeat though.