• 1bluepixel
    link
    fedilink
    English
    4010 months ago

    Made the switch to Aegis a little while back. I like it a lot.

  • @Monomate@lemm.ee
    link
    fedilink
    English
    2410 months ago

    That’s an awful decision by Twilo. I deliberately only install Authy on my Desktop computers because they’re always at home and cannot be easily stolen/lost like my phone.

  • @whyNotSquirrel@sh.itjust.works
    link
    fedilink
    English
    18
    edit-2
    10 months ago

    Good thing I made the switch to 2FAS

    You still need my(edit: I need mine, but you can use yours) phone but with the Firefox add-on you just need to accept the pushed notification for it to autocomplete the code

    And it’s opensource

    • @Bangs42@lemmy.world
      link
      fedilink
      English
      310 months ago

      Thanks for the recommendation. Started working on migrating all of my 2FA over from Authy. The process sucks (that’s not the fault of 2FAS), but I really like 2FAS as an app so far.

    • FlumPHP
      link
      fedilink
      English
      2
      edit-2
      10 months ago

      I can’t tell from their page – is it syncing via a SaaS service or just out to a file store like Google Drive?

      Edit: It does sync with Google Drive and file exports. No SaaS component that I can see.

  • dantheclamman
    link
    fedilink
    English
    16
    edit-2
    10 months ago

    Twilio is under a lot of pressure from shareholders eager for more profit (CEO was just pushed out), so I figure this is just the start of a long wave of enshittification. I switched to Authenticator Pro (Android), which is much better in every way. Can backup between devices, has WearOS support, and a proper dark mode. I’d use bitwarden, but I hesitate to keep my TOTP keys in same place as my passwords

  • Pika
    link
    fedilink
    English
    910 months ago

    well I’m now in the market for a new MFA app, anyone have any recommendations? Preferably one with a desktop alternative.

    • @Bangs42@lemmy.world
      link
      fedilink
      English
      1010 months ago

      I’ve started migrating all of my 2FA over to 2FAS. No desktop app per se, but it does have extensions for all major browsers, and apps for iOS and Android. You control the syncing of the 2FA (either automatically via Google Drive or via manual bulk exports to a local file), no SaaS bullshit.

      • Pika
        link
        fedilink
        English
        110 months ago

        I think this was what I was planning on switching to when my current password manager subscription ran out anyway, and coincidentally I think it’s going to run out around the same time so this might be the alternative I try. I didn’t realize that you were able to use one time use codes via it

  • kingthrillgore
    link
    fedilink
    English
    810 months ago

    I use Authy on mobile and have for years. When they gonna discontinue that?

  • @mlaga97@lemmy.mlaga97.space
    link
    fedilink
    English
    8
    edit-2
    10 months ago

    Plugging pass/Password Store/Android Password Store for anyone wanting a good wrapper around git+pgp for desktop/Android using a YubiKey or similar hardware security key. It has pretty good OTP support built-in.

    • Norgur
      link
      fedilink
      2310 months ago

      Bitwarden can do everything Authy can afaik

      • @stealth_cookies@lemmy.ca
        link
        fedilink
        English
        1310 months ago

        It is a bad idea to have your password manager and 2FA be the same app though. You want to spread it around so one attack can’t break your logins.

        • @BearOfaTime@lemm.ee
          link
          fedilink
          English
          1
          edit-2
          10 months ago

          Good point.

          Is it realistic (i.e. is it secure enough) to self-host 2 Bitwarden, one for passwords, one for authentication?

          Or would splitting that between 2 Bitwarden logins work?

          I just throwing stuff at the wall, I haven’t thought either of these through yet.

        • Norgur
          link
          fedilink
          110 months ago

          While that is true, the risk of someone brute forcing into an account of mine on the login side than on mine. That’s what I use 2FA against. If they managed to break into my vault, they’d have broken into my Mailserver and whatnot, so…

        • methodicalaspect
          link
          fedilink
          English
          1010 months ago

          Need to pay for a subscription for TOTP. It’s like $10/year for the personal plan.

          • @CosmicTurtle@lemmy.world
            link
            fedilink
            English
            810 months ago

            Which is damn near cheap compared to other companies. I personally use dashlane (I know I know I should self host but I don’t trust myself for something as important as passwords) and that’s $60 for their premium package.

          • @reev@sh.itjust.works
            link
            fedilink
            English
            610 months ago

            I love my bitwarden but is it less secure to have all your eggs in one basket? That’s the main reason I’ve been using separate apps so far.

            • methodicalaspect
              link
              fedilink
              English
              110 months ago

              It may very well be, especially if the basket your eggs are in is full of holes. I always figure, as long as it isn’t a pad of paper on a desk, or a company that regularly makes headlines due to security breaches, I should be okay.

            • @ikidd@lemmy.world
              link
              fedilink
              English
              410 months ago

              I self-host, but I still pay for their premium because it’s a damn good product I want to see kept maintained for years to come.

              I mean, cmon, it’s $10. Almost cheaper than a banana.

              • @BearOfaTime@lemm.ee
                link
                fedilink
                English
                110 months ago

                That’s a good point.

                I’m not paying currently because I don’t use their online service.

                Adding them to my “Annual Donate to Software I find Useful” list, that I just started this year.

                I despise subscriptions. For apps that have a hosted portion, I understand them, but I’d still rather pay annually.

                • @ikidd@lemmy.world
                  link
                  fedilink
                  English
                  210 months ago

                  It’s $10 annually in case you thought it was monthly. I’d imagine if you went in and subbed, then cancelled the sub, you’d still have your year you paid for. But yah, I’d like an option to not auto-renew, even though I do.

      • @bdonvr@thelemmy.club
        link
        fedilink
        English
        410 months ago

        Yeah, I already run Vaultwarden. But like others I don’t really want to combine my tokens and passwords.

    • Justin
      link
      fedilink
      English
      410 months ago

      I just use FreeOTP+ on my phone. It’s a fork of a Red Hat authenticator, and completely open source and available on F-Droid.

      No sync, but you can export the TOTP secrets if you want to back them up/move them.

    • StarDreamer
      link
      fedilink
      English
      1
      edit-2
      10 months ago

      Bitwarden has TOTP support with a pro license. Or you can just selfhost (using vaultwarden) and have all the features instead.

  • @DLSantini@lemmy.ml
    link
    fedilink
    English
    2
    edit-2
    10 months ago

    I didn’t even realize they had a desktop app. I’ve been using the mobile app for a few years. I was just thinking about installing the mobile app in my WSA install, since it just didn’t even occur to me that there was a desktop version. I guess now it doesn’t matter either way.