The official GitHub app. Yes, it's not universal for other sites, but you get 2FA and a much more pleasant browsing experience.
For a universal solution, give Aegis a try.
The official GitHub app. Yes, it's not universal for other sites, but you get 2FA and a much more pleasant browsing experience.
For a universal solution, give Aegis a try.
andOTP is the only app I know of that's on F-Droid and has a feature to make an encrypted backup to a file.
Unfortunately it hasn't been updated in awhilee, but I dont think there's an alternative.
I actually try to use authenticator apps as little as possible. Having to unlock your phone and open the app each time is too much hassle.
Instead I have four Yubikeys, not security keys, that I store my OTP 2FA codes on. One for personal codes, one for work codes, and the other two as backups for the first two. The backups protect me from hardware failure, the keys being stolen, or lost. One downside of the backup plan is having to scan the QR code twice, once per Yubikey.
Each Yubikey can store 32 OTP codes on the smart card part of the Yubikey. The 32 code limitation is why I have personal and work codes on separate keys. I did run into this limit.
This isn't the cheapest solution. In addition you could argue it also isn't the most secure, but that depends on the attack vector and circumstance.
With this setup I can use the Yubico Authenticator desktop to copy and paste the codes into the browser. While mobile I can use the mobile form of the same app. Also all my Yubikeys have NFC, so I can use that method if I want instead of just USB.
As mentioned in a different comment I highly recommend not storing 2FA codes in password managers like Bitwarden. It creates an all eggs one basket problem, which is exactly what 2FA codes are trying to avoid.
Does anyone have any suggestion for iOS? Raivo seems to fallen from grace recently.
Bitwarden. Works with autofill too.
KeepassDX already has TOTP
I am not a big fan of storing the passwords and 2fa together since if it is compromised, you lose both layers at the same time. But the alternative is not so convenient. But then in security, it is always a balance between the two.
True true. But the auth apps I've seen don't appear to be secure. So if you lose your phone...
And I don't like hw key because I'm afraid I'll lose it.
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Community icon from opensource.org, but we are not affiliated with them.