54

2FA app

posted
by
Avatar
badgrandpa69@lemmy.world
in
Avatar
privacyguides@lemmy.one
55 comments
hidereport

What 2FA app you recommend?

Sort:
HotTopControversialNewOld
Avatar
Detun3d@lemm.ee
1 point

Aegis, even if some services won’t support it you’re better off not supporting those services.

permalink
report
reply
Avatar
lastweakness@lemm.ee
1 point

Which services aren’t supported?

permalink
report
parent
reply
Avatar
Detun3d@lemm.ee
2 points

Las time I checked those that require a Microsoft or other propietary authenticator app that isn’t Google’s. They would force you to first use that propietary app and later export to Aegis. Correct me if I’m wrong, of course.

permalink
report
parent
reply
Avatar
lastweakness@lemm.ee
2 points
*

Just checked, you’re right about Google. Microsoft does allow you to use any app though. It’s funny that the “EEE” Microsoft is less anti-user than the “Don’t be evil” Google. But anyway, seeing how Google locks it down, I’m sure there must be others too. So you’re right

permalink
report
parent
reply
Show more comments
Avatar
Elw@lemmy.sdf.org
1 point

Still use Google Authenticator. I know there are alternatives out there that have other features but I’m a pretty strong believer that my 2FA shouldn’t be backed up digitally. I keep any recovery information offline and prefer it that way.

permalink
report
reply
Avatar
walden@sub.wetshaving.social
1 point

I’ve used andOTP and now Aegis (as a result of this thread). Neither require cloud backups.

permalink
report
parent
reply
Avatar
WeAreAllOne@lemm.ee
1 point

I’ve used andotp for like 2 years. Why everyone is suggesting Aegis ? Did you find any major differences?

permalink
report
parent
reply
Avatar
walden@sub.wetshaving.social
2 points

These apps are all pretty basic. I don’t see any major differences. It’s slightly more modern looking, and it checks a lot of boxes for people as far as being simple, open source, and available through multiple channels (Google Play being one). Apparently andOTP hasn’t had any updates in a while, but a 2FA app shouldn’t need many updates anyway.

Things I want in a 2FA app:

  1. Can scan QR codes
  2. Categories
  3. Hide all numbers except the one I tap on
  4. Countdown indication
  5. Import/Export

andOTP and Aegis both do all of this.

permalink
report
parent
reply
Show more comments
Avatar
walden@sub.wetshaving.social
4 points

I’ve been happy with andOTP on Android.

permalink
report
reply
Avatar
I need NOS@lemm.ee
4 points

It’s good. Just keep in mind that it hasn’t been updated in a while…

permalink
report
parent
reply
Avatar
walden@sub.wetshaving.social
2 points

I hadn’t even noticed. With all the mentions of Aegis it looks like I was behind the times. Aegis was able to import my andOTP entries so I’ll give it a try.

permalink
report
parent
reply
Avatar
Leraje@lemmy.blahaj.zone
29 points
*

For Android, Aegis. You can get it it on Play, on one of the numerous *-Droid sources or straight from GitHub with Obtanium.

Simple to use, open source, does encrypted exports which I regularly backup (along with Bitwarden and SimpleNotes exports) to one of these (Amazon link). It’s perfect for me.

permalink
report
reply
Avatar
badgrandpa69@lemmy.worldOP
2 points

Ive got iPhone. Raivo was good until now

permalink
report
parent
reply
Avatar
vegyk0z6@kbin.social
8 points

Moved to Raivo earlier this year and it’s great. Unfortunately it was just sold to a private company, so I’m looking for alternatives. From the replies here, might try 2FAs

permalink
report
parent
reply
Avatar
BlueDepth9279@lemmy.world
2 points

Just started migrating to 2FAS from Raivo and Authy. So far so good.

permalink
report
parent
reply
Avatar
Harrison@infosec.pub
8 points

Android is easy, Aegis.

IOS is much harder. Right now, probably “2FAs”. Authy is owned by Twilio, Raivo was just bought out by an advertising company, and the others are either too small to get the exposure required for any level of security or charge for the feature.

permalink
report
reply
Avatar
westingham@kbin.social
4 points

I’m out of the loop, why is Authy being owned by Twilio a bad thing?

permalink
report
parent
reply
Avatar
Harrison@infosec.pub
5 points

It’s less that Twilio specifically owns it than problems resulting from corporate ownership. Briefly:

  1. You can’t get your data out of Authy. Actually you can, but it’s a long annoying process involving installing an out of date chrome extension and using developer tools.
  2. Privacy issues. Authy links a lot of data including location to your identity.
  3. Authy supports SMS account recovery (which is inherently insecure) and doesn’t allow users to disable it.
permalink
report
parent
reply
Avatar
westingham@kbin.social
2 points

I appreciate the info, thank you!

permalink
report
parent
reply
Avatar
Meganium97@lemmy.blahaj.zone
2 points
*
Deleted by creator
permalink
report
parent
reply

Privacy Guides

!privacyguides@lemmy.one

Create post

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.

You can subscribe to this community from any Kbin or Lemmy instance:

Learn more…

Check out our website at privacyguides.org before asking your questions here. We’ve tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!

This community is the “official” Privacy Guides community on Lemmy, which can be verified here. Other “Privacy Guides” communities on other Lemmy servers are not moderated by this team or associated with the website.

Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don’t ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don’t repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don’t abuse our community’s willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

Community stats

  • 845

    Monthly active users

  • 626

    Posts

  • 10K

    Comments

Community moderators