291
Google will now make passkeys the default for personal accounts
(arstechnica.com)
This is a most excellent place for technology news and articles.
Authy on the phone while also using their desktop app. If you lose the phone you still have options.
Each to their own but cloud syncing and MFA are a bad mix in my eyes. It has a "who watches the watchmen" problem and it somewhat defeats the point of having a trusted factor when you have an untrusted one on "someone else's computer".
Authy have demonstrated why this is a problem (https://techcrunch.com/2022/08/26/twilio-breach-authy/), plus they're closed source, so it's a big no from me.
Vaultwarden, a FOSS Bitwarden server compatible with upstream clients, is able to store TOTP, and when self hosted, you are the watchmen.
Yeah, this is fine. It's closed source, opaque cloud solutions that people should be wary of.