It’s time for me to move from SMS to a 2FA Authenticator app. I want something that will be open source but also ridiculously easy to back up, transfer to a new device, or replace if it is on a device that fails. I want it to be versatile enough to use across all necessary authentications. I also want to be sure that I can use the same app for many many years. I don’t want it tied into another service.
What’s my best option?
I use Bitwarden as a password manager and 2FA manager. I like that Bitwarden automatically copies the 2FA number after filling a password — if you want it to — so I just hit paste and it’s all quick and easy. It’s a lot of trust to put in one product/company, obviously, but I use biometric, FIDO, or ssh keys for critical stuff (at least where I have the option).
I also use Authy, in part because I used it for years before switching to Bitwarden. I liked Authy a lot but it was just less convenient than using Bitwarden. Also, a few sites — Twilio (Authy’s parent company) ones, specifically — seem to require Authy.
Passwordless is coming along but pretty slowly. So, definitely setup 2FA. Tech companies can’t seem to wait to switch to passwordless. Other types of businesses are super conservative about logins and probably won’t adopt it for a few more years.