So basically what title says.

I'm using 2FA with Google Authenticator for multiple accounts. What if my phone gets stolen? Can I have some kind of backup? Or maybe sync with some self-hosted service?

Bonus question: what 2FA should I use instead of Google?

-1 points

I use https://authy.com/

Separate from my passwords

10 points

Just a heads up. There is no way to export from Authy. So if you ever want to switch apps for whatever reason, let's say they were bought by big evil corp., then you would have to go and regenerate all your keys. Whereas a good app would let you export and import from anywhere.

5 points

Yep, took me several days to transfer all the logins to Aegis.

4 points

> let's say they were bought by big evil corp

Is this an intentional joke? (I often miss jokes so I am asking seriously)

Authy was bought ages ago by Twilio, which also owns Segment (customer data platform)… So Twilio may not be all that big, but they’re fairly big players in the tracking and ads space. Which I loathe.

I’m in this thread because I want to move away from Authy for this very reason.

2 points

An unintentional one it would seem. Had no idea. Thanks for highlighting this.

39 points

Use Aegis on Android or 2FAS on iOS. And just back up your seed on an HDD/USB stick. Don't upload it to the cloud.

5 points

Thx, looks perfect!

-2 points

iOS has a 2FA feature included in the Keychain (Passwords) settings. No need for a third-party app. If you back up passwords via iCloud, you are already set.

1 point

Never upload your passwords to any cloud. Always use good FOSS instead of proprietary software.

11 points

Aegis is a free open source TOTP 2FA app like Google Authenticator, and available on both F-Droid and Google Play. You should be able to export from Google Authenticator and import into Aegis.

Edit: I had assumed because Aegis had an option to import from Google Authenticator that this would mean you could export in bulk. Bad assumption to make, it sounds like you can do it if you have a rooted phone but Authenticator doesn’t make it easy. I did find this that shows a method to do a handful at once: https://blog.jay2k1.com/2021/11/17/how-to-bulk-migrate-from-google-authenticator-to-aegis/

5 points

Most comments recommend Aegis, I'm installing it right now. Thx

3 points

> You should be able to export from Google Authenticator and import into Aegis.

If there is a way, I was unable to find it

3 points

I had assumed because Aegis had an option to import from Google Authenticator that this would mean you could export in bulk. Bad assumption to make, it sounds like you can do it if you have a rooted phone but Authenticator doesn’t make it easy. I did find this that shows a method to do a handful at once: https://blog.jay2k1.com/2021/11/17/how-to-bulk-migrate-from-google-authenticator-to-aegis/

3 points

Yes, I just did it. Go to Google Auth - transfer accounts - you get a QR code, screenshot it - and import in Aegis.

1 point

Huh. I was not able to make it work, perhaps I just overlooked something.

2 points

What’s the benefit of Aegis over FreeOTP+?

4 points

For one, Aegis is more well known. Aegis has 6k+ stars where FreeOTP+ has about 500. This doesn’t mean it’s better, just that people are more likely to recommend it.

Aegis also has more features, and can import from many different authenticator apps (though as many don’t allow exports, this may require technical knowledge to get the database and feed it in). If you have root then Aegis can pull directly from the other apps.

Aegis claims they are better than FreeOTP because they encrypt passwords at rest.

One big difference is FreeOTP+ lets you not have to enter a pin/password to see the codes, while with Aegis you need to enter a pin, password, or biometric to see your codes.

2 points

Popularity aside, you sold me on the import compatibility. FreeOTP+ can export to other FreeOTP+ installations, but I’ve had issues with exporting to other apps. I had to manually import using the secrets displayed within FreeOTP+. The encryption sold me. I will be migrating to Aegis. I haven’t heard of it until this post, and have been using FreeOTP+ sans encryption.

17 points

There are many forms of 2FA. I’m guessing you mean TOTPs oh you actually wrote that, my bad lol.

I copy the keys from Aegis to KeePassXC. KeePassXC’s database is part of my regular backup. This way I have two apps generating the same TOTPs.

8 points

I was afraid of using KeePassXC since I don't trust myself, but using it as a backup sounds like an amazing solution. Thank you

4 points

Personally I recommend just using KeePassXC and a KeePass app (I use KeePassium on iPhone).

You always have access to all your data that way. No company is monitoring you. A lot of apps make it very difficult to back up!

My totp database is in the cloud for syncing but needs a key file I don’t keep in the cloud (and a password). My passwords are entirely separate.

0 points

You could use a Python script with oathtool copied onto each of your devices. This is not a good suggestion.

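Added example, not written by any commenter in the thread: several replies rely on the fact that a TOTP code depends only on the seed and the clock, which is why a seed copied from Aegis into KeePassXC produces the same codes, and why a seed backup needs the same protection as the authenticator itself. The sketch implements RFC 6238 and reads an `otpauth://` enrollment URI; the function names, label and sample URI are constructed for illustration, and the seed is the RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, unquote, urlparse

ALLOWED_ALGOS = {"sha1": hashlib.sha1, "sha256": hashlib.sha256, "sha512": hashlib.sha512}

def totp(secret_b32, unix_time, digits=6, period=30, algo="sha1"):
    """RFC 6238: HMAC over the time-step counter, then RFC 4226 dynamic truncation."""
    if algo not in ALLOWED_ALGOS:
        raise ValueError("unsupported algorithm: " + algo)
    # Apps display the seed as base32, often lowercase, spaced and unpadded.
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    counter = struct.pack(">Q", int(unix_time) // period)
    mac = hmac.new(key, counter, ALLOWED_ALGOS[algo]).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def parse_otpauth(uri):
    """Extract the TOTP parameters from the URI an enrollment QR code encodes."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not an otpauth TOTP URI")
    q = parse_qs(u.query)
    if "secret" not in q:
        raise ValueError("URI carries no secret")
    return {
        "label": unquote(u.path.lstrip("/")),
        "secret": q["secret"][0],
        "digits": int(q.get("digits", ["6"])[0]),
        "period": int(q.get("period", ["30"])[0]),
        "algo": q.get("algorithm", ["SHA1"])[0].lower(),
    }

def code_from_uri(uri, unix_time):
    e = parse_otpauth(uri)
    return totp(e["secret"], unix_time, e["digits"], e["period"], e["algo"])

# Constructed sample: RFC 6238 test seed "12345678901234567890" in base32.
SAMPLE_URI = ("otpauth://totp/Example:alice"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&digits=8")

if __name__ == "__main__":
    t = 59  # RFC 6238 test timestamp
    phone = code_from_uri(SAMPLE_URI, t)  # what the authenticator app shows
    restored = totp("gezd gnbv gy3t qojq gezd gnbv gy3t qojq", t, digits=8)  # seed typed from a backup
    print(phone, restored, phone == restored)
```

Anyone holding the seed can compute every future code, so an exported seed or database is best kept encrypted and offline, as the replies above suggest.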

Privacy

!privacy@lemmy.ml
