this post was submitted on 19 Aug 2023
145 points (98.0% liked)

Open Source

31396 readers
66 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

If proprietary app is better and more robust I am willing to try it and assess it myself.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 152 points 1 year ago (5 children)

Aegis authenticator. Beats all proprietary apps I've tried so far

[–] [email protected] 38 points 1 year ago (1 children)

I'm leaving links here in case anyone needs them

It supports importing data from various 2FA apps and even allows you to generate Steamguard codes.

[–] [email protected] 3 points 1 year ago (2 children)

Steamguard? Since when? That's awesome!

[–] [email protected] 5 points 1 year ago (1 children)

I honestly don't know. I set it up with steamguard-cli few months ago and it's working like a charm.

load more comments (1 replies)
[–] [email protected] 3 points 1 year ago (2 children)

It's been there for quite a few years, I think

load more comments (2 replies)
[–] [email protected] 17 points 1 year ago (1 children)

Yep, it works perfectly

Bitwarden has it too, but eggs in one basket etc.

[–] [email protected] 5 points 1 year ago

Also, for bitwarden it's either a paid feature or you have to self host it

[–] [email protected] 6 points 1 year ago

One of those apps that just does its job, does it well and I never have to worry about it

[–] [email protected] 4 points 1 year ago

Thank you!

I'd been a happy user of andOTP for many years, unaware until now that it had been abandoned and that I therefore needed ro replace it. I looked through the recommendations posted here and came to the conclusion that Aegis indeed was the best recommendation.

Migrating from andOTP to Aegis by exporting an encrypted backup file from andOTP to the local filesystem and importing it in Aegis worked flawlessly.

One thing that I really liked in andOTP that Aegis doesn't have was the PGP export, it was just very nice to get encrypted backup files that I could decrypt directly using standard software that I already have and know how to use, entirely independent from any particular app. Aegis instead provides the decrypt.py script to decode and decrypt its own encrypted backup file format and while I've tested and verified that this works fine, simply using standard PGP was nicer.

But that's a minor detail. All in all, Aegis seems to do everything I need, and does it well.

[–] [email protected] 3 points 1 year ago

This is the best option. Love the app. But always remember to keep a backup of your tokens.

There is also ente.io authenticator app. It is available on fdroid. I think it supoorts cloud synchronisation as well.

[–] [email protected] 41 points 1 year ago
[–] [email protected] 31 points 1 year ago
[–] [email protected] 25 points 1 year ago

Aegis is a great Foss totp app

[–] [email protected] 23 points 1 year ago (3 children)

Aegis on mobile and keepassxc on desktop.

load more comments (3 replies)
[–] [email protected] 22 points 1 year ago (1 children)
[–] [email protected] 25 points 1 year ago (3 children)

I don't think that it's safe to leave both authentication factors in a single app.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

It depends on your risk profile, but yes, it's less secure. For some people the convenience is worth the risk, for others maybe not. If you opt to store 2fa keys in Bitwarden you'd definitely want to enable 2fa for your Bitwarden account though, which brings us back to the same issue again.

[–] [email protected] 3 points 1 year ago (1 children)

If you opt to store 2fa keys in Bitwarden you'd definitely want to enable 2fa for your Bitwarden account though, which brings us back to the same issue again.

With the risk of getting locked out if all your devices get logged out of Bitwarden! 🙈

[–] [email protected] 3 points 1 year ago

To clarify, you'd want to enable 2fa for Bitwarden and store the token for that in a different authenticator app - that way you can still log in to Bitwarden without already needing to be logged in

load more comments (2 replies)
[–] [email protected] 22 points 1 year ago (4 children)
[–] [email protected] 8 points 1 year ago (1 children)

I've used it for years for numerous phones. it's the best. Link for the lazy

https://apt.izzysoft.de/fdroid/index/apk/me.jmh.authenticatorpro

load more comments (1 replies)
[–] [email protected] 8 points 1 year ago (1 children)

Yes! I moved from aegis to it and it is much better imo.

[–] [email protected] 3 points 1 year ago

I love that you can back it up with a file... thatway i can put it somewhere safe and can recover my logins after my phone breaks

load more comments (1 replies)
[–] [email protected] 22 points 1 year ago* (last edited 1 year ago) (1 children)

I'd suggest the following

The really important step is to make sure to export and backup your 2FA codes in a safe place.

You don't want to be left in the mud because you lost or wiped your phone that contains the only method to get into your important accounts.

load more comments (1 replies)
[–] [email protected] 21 points 1 year ago (17 children)

Bitwarden and it's fully cross-platform. I like that it auto copies the 2FA pin to clipboard after filling in login - cuts out extra clicks and copy movements.

[–] [email protected] 11 points 1 year ago (4 children)

Vaultwarden is also a great and simple to self-host backend written in Go that runs in Docker.

load more comments (4 replies)
load more comments (16 replies)
[–] [email protected] 18 points 1 year ago

For me FreeOTP+ on fdroid is all I need. Its simple and just works.

[–] [email protected] 15 points 1 year ago
[–] [email protected] 13 points 1 year ago

I personally use KeePassXC (KeePassDX on android), it can have TOTP code generation for 2FA for any service. And since it's a password manager, it's secured by a master password.

[–] [email protected] 13 points 1 year ago (1 children)

FreeOTP+ from fdroid is what I'm using.

load more comments (1 replies)
[–] [email protected] 10 points 1 year ago

Aegis is my favorite.

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago)

aegis is great, but 2fas has Google Drive sync and a browser extension.
lack of sync is a dealbreaker for me.

[–] [email protected] 5 points 1 year ago

Aegis, FreeOTP

[–] [email protected] 4 points 1 year ago

I recommend one of the FOSS apps in fdroid for this, don't use a proprietary one from Google Play (like the Google Authenticator).

[–] [email protected] 3 points 1 year ago (1 children)
[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

I use Yubico Authenticator with my Yubikey (NFC and USB) and Vivokey Authenticator - which is a straight fork of the Yubico Authenticator - with my Vivokey Apex implant.

load more comments
view more: next ›