this post was submitted on 21 Aug 2023
54 points (100.0% liked)

Privacy Guides

16855 readers
46 users here now

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:

Learn more...


Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 2 years ago
MODERATORS
 

What 2FA app you recommend?

top 50 comments
sorted by: hot top controversial new old
[–] leraje@lemmy.blahaj.zone 29 points 1 year ago* (last edited 1 year ago) (1 children)

For Android, Aegis. You can get it it on Play, on one of the numerous *-Droid sources or straight from GitHub with Obtanium.

Simple to use, open source, does encrypted exports which I regularly backup (along with Bitwarden and SimpleNotes exports) to one of these (Amazon link). It's perfect for me.

[–] badgrandpa@lemmy.world 2 points 1 year ago (1 children)

Ive got iPhone. Raivo was good until now

[–] vegyk0z6@kbin.social 8 points 1 year ago (1 children)

Moved to Raivo earlier this year and it’s great. Unfortunately it was just sold to a private company, so I’m looking for alternatives. From the replies here, might try 2FAs

[–] BlueDepth9279@lemmy.world 2 points 1 year ago

Just started migrating to 2FAS from Raivo and Authy. So far so good.

[–] hellfire103@sopuli.xyz 18 points 1 year ago

For Android, I recommend Aegis [Play Store] [F-Droid]

For iOS, I recommend 2FAS [App Store]

For Linux, I recommend OTPClient [Flathub]

For BSD, either try compiling OTPClient from source, or use KeePass.

Aegis for android it's the best , been using it for like 2 years now.

[–] chemicalwonka@discuss.tchncs.de 12 points 1 year ago

Undoubtedly Aegis for Android, because it has the easiest way to backup your codes. Excellent! And it is open source without internet connection.

[–] ExLisper@linux.community 11 points 1 year ago (2 children)
[–] KrisND@lemmy.world 2 points 1 year ago

I was going to say it but didn't want to be the only one. I do recommend and use it though.

load more comments (1 replies)
[–] cheese_greater@lemmy.world 9 points 1 year ago* (last edited 1 year ago) (2 children)

I recommend KeePass and I encourage everyone to consider it given its platform-agnostic portable format. What happened to Raivo cannot happen to KeePass and its more of a universal solution as opposed to 1) Android: Aegis 2) iOS: Tofu or OTP etc.

All of those are very good apps but the problem remains that they all have their own peculiar/specific format that doesn't necessarily play nice with any other app. KeePass is a convention/format that doesn't really vary between implementations.

Edit: It also allows for choice in whether to keep it local or to safey sync in your choice of cloud service without exposing the contents unencrypted. If you don't want to manage any of that, I would recommend Bitwarden and paying the $10 once and see if you're still fine the next year without having to resubscribe if thats a problem for you.

[–] poring@lemm.ee 3 points 1 year ago

The problem here would be storing your passwords along with your 2fa. You're basically giving away every information needed to enter your accounts in case someone get access to your vault.

The best option would probably be using both KeePass and BitWarden. You store your passwords in one and your 2fa in the other.

[–] ebits21@lemmy.ca 1 points 1 year ago (1 children)

Same. I pair it with KeePassium on iOS.

[–] PlantDna@mander.xyz 2 points 1 year ago (1 children)

How can I use KeePassium with 2FA?

[–] ebits21@lemmy.ca 2 points 1 year ago (1 children)

Just create an entry and at the bottom setup one time password OTP

Then scan a QR code or enter manually.

Then click the clock to the right of your entry to get the 6 digit code.

[–] PlantDna@mander.xyz 1 points 1 year ago (1 children)

Thanks! I will try this. I never knew it existed

[–] ebits21@lemmy.ca 2 points 1 year ago* (last edited 1 year ago)

No worries. There’s instructions from KeePassium too if it helps.

KeePassXC supports the codes on desktop.

[–] Harrison@infosec.pub 8 points 1 year ago (1 children)

Android is easy, Aegis.

IOS is much harder. Right now, probably "2FAs". Authy is owned by Twilio, Raivo was just bought out by an advertising company, and the others are either too small to get the exposure required for any level of security or charge for the feature.

[–] westingham@kbin.social 4 points 1 year ago (1 children)

I'm out of the loop, why is Authy being owned by Twilio a bad thing?

[–] Harrison@infosec.pub 5 points 1 year ago (2 children)

It's less that Twilio specifically owns it than problems resulting from corporate ownership. Briefly:

  1. You can't get your data out of Authy. Actually you can, but it's a long annoying process involving installing an out of date chrome extension and using developer tools.
  2. Privacy issues. Authy links a lot of data including location to your identity.
  3. Authy supports SMS account recovery (which is inherently insecure) and doesn't allow users to disable it.
[–] westingham@kbin.social 2 points 1 year ago

I appreciate the info, thank you!

[–] Meganium97@lemmy.blahaj.zone 2 points 1 year ago

How do I transfer to aegis from authy?

[–] xusontha@ls.buckodr.ink 7 points 1 year ago

Aegeis, like everyone else here lol

[–] yessikg@lemmy.film 7 points 1 year ago

Yubikey authenticator

[–] abc@lemmus.org 6 points 1 year ago

I've been using Aegis Authenticator for about two years now . It is free and open-source, and works as expected.

[–] Asudox@lemmy.world 5 points 1 year ago
[–] TheButtonJustSpins@infosec.pub 5 points 1 year ago (1 children)
[–] JonEFive@midwest.social 6 points 1 year ago (2 children)

Then what do you use for your password manager?

I've always been of the mindset that storing your 2fa next to your passwords at least partially defeats the purpose of 2fa.

The two types of attacks I worry about would be a hacked/leaked password from a third party site, or your password manager being compromised. While the latter is far less likely, it is still something I'd like to protect myself from as much as possible.

[–] TheButtonJustSpins@infosec.pub 5 points 1 year ago (1 children)

If my password manager is compromised, I'm well and truly fucked. If one site has shitty security (odds of which are approximately 1), having 2FA might help.

load more comments (1 replies)
[–] zap_cat@kbin.social 1 points 1 year ago

I'm using BW for both passwords and 2FA and have Yubikey set up for BitWarden.

[–] walden@sub.wetshaving.social 4 points 1 year ago (1 children)

I've been happy with andOTP on Android.

[–] Supercharger@lemm.ee 4 points 1 year ago (1 children)

It's good. Just keep in mind that it hasn't been updated in a while...

[–] walden@sub.wetshaving.social 2 points 1 year ago

I hadn't even noticed. With all the mentions of Aegis it looks like I was behind the times. Aegis was able to import my andOTP entries so I'll give it a try.

[–] 13@calckey.world 4 points 1 year ago

I use keepassxc for both passwords and 2FA

[–] HughJanus@lemmy.ml 4 points 1 year ago (2 children)

Authy or your preferred password manager

load more comments (2 replies)
[–] vox@sopuli.xyz 3 points 1 year ago (3 children)

2fas. aegis is great but it has no automatic google drive backup.

[–] lastweakness@lemm.ee 4 points 1 year ago (2 children)

It does have automatic Android cloud backups and does support local backups, which also supports backing up to Nextcloud.

load more comments (2 replies)
[–] Zuberi@lemmy.dbzer0.com 2 points 1 year ago (1 children)

Posted on privacy and you recommended google drive

[–] vox@sopuli.xyz 4 points 1 year ago* (last edited 1 year ago)

it doesn't matter where it's stored as long as it's encrypted. Google obviously can't look inside aes/password-encrypted backups

[–] Extrasvhx9he@lemmy.today 2 points 1 year ago* (last edited 1 year ago)

For ios used to say raivo but i would honestly just make a kdbx file just for your totp seeds only and then use something like keepassium or strong box. I think those allow cloud syncing too but im not sure still keep local backups

[–] detun3d@lemm.ee 1 points 1 year ago (4 children)

Aegis, even if some services won't support it you're better off not supporting those services.

load more comments (4 replies)
[–] Elw@lemmy.sdf.org 1 points 1 year ago (1 children)

Still use Google Authenticator. I know there are alternatives out there that have other features but I'm a pretty strong believer that my 2FA shouldn't be backed up digitally. I keep any recovery information offline and prefer it that way.

[–] walden@sub.wetshaving.social 1 points 1 year ago (1 children)

I've used andOTP and now Aegis (as a result of this thread). Neither require cloud backups.

[–] WeAreAllOne@lemm.ee 1 points 1 year ago (1 children)

I've used andotp for like 2 years. Why everyone is suggesting Aegis ? Did you find any major differences?

[–] walden@sub.wetshaving.social 2 points 1 year ago (1 children)

These apps are all pretty basic. I don't see any major differences. It's slightly more modern looking, and it checks a lot of boxes for people as far as being simple, open source, and available through multiple channels (Google Play being one). Apparently andOTP hasn't had any updates in a while, but a 2FA app shouldn't need many updates anyway.

Things I want in a 2FA app:

  1. Can scan QR codes
  2. Categories
  3. Hide all numbers except the one I tap on
  4. Countdown indication
  5. Import/Export

andOTP and Aegis both do all of this.

load more comments (1 replies)
load more comments
view more: next ›