What authenticator app do you use? How do you backup? Any open source self hosted options?

    • animist@lemmy.one
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 years ago

      +1 for aegis. Keep my secret codes in an encrypted backup file just in case

    • Dusty@lemmy.dustybeer.com
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 years ago

      I switched to aegis a while ago, it’s been one of the best apps I’ve used for authentication. I was using Authelia for along time before that but my backup stopped working unbeknownst to me. I found out while doing a regular backup/restore test it had borked itself.

  • DarthRedLeader@lemmy.world
    link
    fedilink
    English
    arrow-up
    8
    ·
    2 years ago

    I use Aegis, which automatically backs up with each change to the database to a folder that gets synced to a couple of different computers via syncthing.

    For backup codes, I have a separate keypass database that’s backed up to a couple of places. I thought about using Bitwarden for this backup, but having my 2FA backups in the same place as my passwords kinda defeated the point, IMO.

    Anyway, this system has worked well for me.

  • Vanon@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    2 years ago

    2FAS, because it’s fucking beautiful (UI, dark mode, lovely site logos). It has a couple backup options. Also using Bitwarden (paid feature) for less important sites; it’s quicker but I prefer my 2FA truly separate from passwords.

    • AngryDemonoid@lemmy.lylapol.com
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 years ago

      This looks great! Was going to give it a try, but it doesn’t pull in the service name when importing from Aegis. I don’t want to try it bad enough to manually edit every entry. Lol.

  • divinely_splashing@lemmy.worldB
    link
    fedilink
    English
    arrow-up
    4
    ·
    2 years ago

    Yubico Authenticator and Aegis depending on the importance of the account. I have a secondary Yubikey for quick access backups and a keepass database exclusively for my TOTP keys that I backup to my nextcloud server in real time with versioning. Similarly, I backup my Aegis backups with the nextcloud app.

  • pvr@beehaw.org
    link
    fedilink
    English
    arrow-up
    3
    ·
    2 years ago

    I use Bitwarden (I know opinions are split when it comes to passwords and 2FA being in separate apps). But I like the convenience of it all being in one platform.

    I also like Raivo, you can import/export them too.

    • sabre3999@kbin.social
      link
      fedilink
      arrow-up
      3
      ·
      2 years ago

      You can set Bitwarden to require your master password for higher security logins. I keep a separate vault for work and personal things… Everything in my work vault requires it’s master password to use them. The OTPs are useless without credentials, and you need the master password to get at those even when the vault is unlocked. YMMV but to me, this was “good enough” to ensure a separation of concerns between low and high risk.

      • DarthRedLeader@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        2 years ago

        This is the first time I’m hearing about this feature and am interested. But I feel like it would be better to use a different password than your master for these higher security logins. The thought being that, if someone has access to your passwords, they likely have access to your master password as well, unless they had access to an already unlocked vault.

    • Freeman@lemmy.pub
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      2 years ago

      I use bitwarden and only put totp codes in it for “low risk” uses. Like say…a Reddit account.

      Thinks like email accounts or ones associated to bank etc I keep in google Authenticator (not synced to the cloud)

      I also keep a spare phone with the google auth totp codes loaded in case I lose my phone.

      At the service level I also keep backup codes or use a yubikey when possible. So even MFA at the account level often has options, even if it’s “my phone is across the room and I’m too lazy, backup code time”

    • kalipike@lemmy.one
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 years ago

      I also use Bitwarden both for passwords and TOTP. I secure it with password + Yubikey. Works well enough it seems! If I ever have any concerns I’ll move TOTP to Aegis in a heartbeat though.

  • MrTHXcertified@kbin.social
    link
    fedilink
    arrow-up
    3
    ·
    2 years ago

    Authy for OTP, Bitwarden for passwords.

    As long as my provider shows some concern for the sensitivity of the data I entrust them with, I’m good.

    • sabre3999@kbin.social
      link
      fedilink
      arrow-up
      0
      ·
      2 years ago

      Same here, though I’m starting to move my OTP over to Bitwarden as well. Way more convenient - as a developer, I spend a lot of time off my phone. Makes more sense to let Bitwarden manage those so I don’t have to pick up my phone as often.

      I’m also slightly distrustful of closed-source Authy, whereas Bitwarden is open source and audited for security by third parties.

  • DigitalBits@lemmy.fmhy.ml
    link
    fedilink
    English
    arrow-up
    3
    ·
    2 years ago

    I usually just use KeePassXC, which is open source and self hosted (kinda). It’s synced over onedrive, though something like syncthing would work fine too.

    No backups per-se, but onedrive should handle accidentally deleted files, and the database is on a few machines anyway so the chances of anything permanently happening to all copies are rather slim.

  • haych@lemmy.one
    link
    fedilink
    English
    arrow-up
    3
    ·
    2 years ago

    I was on Authy, but painfully migrated to Aegis. I keep a backup on my NAS just in case.

    I think Authy was the better app, and good with it working on my PC, but Aegis is more secure so that won.

    • pivotraze@infosec.pub
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 years ago

      That looks great! I won’t be able to switch though because I need it to work across everything, and sadly it doesn’t have web or Windows apps, which I would need for my day at work (since I can’t have my phone on me at work)

  • bitwolf@lemmy.one
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    2 years ago

    I use both Aegis and VaultWarden (self-hosted). Both can be backed up locally or synced.