One more step to unhitching from Google…

Right now the only option I see in F-Droid is Aegis.

I’m not sure what to actually look for aside from checking for unexpected permissions and reasonably frequent updates.

Hopefully something I can sync with a GNOME app…

  • Lka1988@lemmy.dbzer0.com
    21 minutes ago

    I use Aegis, automatically backed up every time a new key is added. Was using Authy for a while, but they’re going down the enshittification hole, so I dumped them.

  • zingo@sh.itjust.works
    21 hours ago

    Aegis.

    I like the auto backup feature (encrypted). Then the backup is synced to computer via Syncthing.

    Set and forget setup.

        • Landless2029@lemmy.world
          8 minutes ago

          This is the way. I use Bitwarden and Aegis.

          The issue here is putting Bitwarden on your phone with OTP in Bitwarden.

    • ikidd@lemmy.world
      18 hours ago

      Yah, I can’t see a point to have another app/extension when Bitwarden has it built in, and it’s a great password manager.

      • Lka1988@lemmy.dbzer0.com
        23 minutes ago

        The point of 2FA is “something you have” and “something you know” to enter a secured system.

        If you put both of those into one system that is accessible by one password, the whole concept is defeated.

        • ikidd@lemmy.world
          15 minutes ago

          My threat model isn’t having someone take my computer and log into stuff, so my concern when using 2FA is more about them having gotten hold of a password remotely. But a TOTP makes that password pretty hard to use, no matter where it’s stored. And my BW is also protected by a Yubi/password combo, so I guess I’m just vulnerable to having that beaten out of me.

        • ikidd@lemmy.world
          17 hours ago

          Right under Password in the edit screen of an item: Authenticator Key. You put in the auth key the target site provides you when you enable TOTP and it will start generating timed tokens. Usually you’ll also get a one-time pad of backup keys; I usually toss those in the Notes of the edit screen there as well in case something goes wrong.

  • Curious Canid@lemmy.ca
    1 day ago

    I’ve been using Aegis for several years now without any problems. It replaced the Google Authenticator seamlessly.

  • John Colagioia@lemmy.sdf.org
    18 hours ago

    I primarily use GNOME Authenticator, but after an inopportune crash, I now also run 2FAuth on my home server as a backup, and now just hope that I remember to do the export/import dance going forward.

  • Jayjader@jlai.lu
    18 hours ago

    I use pass for my passwords, and it has an otp extension that I’ve been using more and more. I used to use Aegis but I have needed to switch phones one too many times without having access to the previous phone to be comfortable with phones for 2FA.

    Of course, this isn’t as secure as a truly separate OTP solution, but it’s still better than no OTP/2FA. And I can easily enough back up and restore my 2FA access over the internet, even on a new computer (albeit I need to also back up a PGP key that can decrypt the password store to truly be portable).

    • erock@lemmy.ml
      2 hours ago

      This is what I do. If someone can figure out pass with my password-protected GPG, plus my passwords are partials (I salt them), and OTP, then they can have my access.

      • Jayjader@jlai.lu
        2 hours ago

        plus my passwords are partials (I salt them)

        I’m curious how you make that work - do you just remember the salts, store them separately, or what? I have like 50-70 passwords in my store currently, there’s no way I’m remembering a (true random) salt for each one.