Best way to secure authenticator app itself?

I’m using Ente Photos and Authenticator, and both use the same authenticator code (I initially set it up for Photos). Now when I try to log into the Auth website it asks for a 2FA code, which is stored in the Auth website itself. I have my account logged in in multiple places, so I can get around that, but I’m afraid of getting locked out at some point. How can I secure Auth another way? Is there any better approach to this?

You can do multiple things:

  1. Save the recovery codes that are given while registering Ente 2FA, by writing them down or saving them someplace else.
  2. You can take a backup of Ente Auth and save it on a physical drive (USB, SD card, etc.).
  3. You can have another device and log into Ente Auth on it.

You can also put your Ente 2FA TOTP key in another 2FA app, by itself. Like Aegis if you are using Android.

I had your issue recently as well. I set up 2FA for Ente Photos and then my Ente Auth needed my TOTP when logging in.


You could also use a YubiKey or something like it.

I use Aegis, and when I’m setting up a new 2FA credential, I add the secret to a KeePassXC database (separate from the one I use for passwords), so I have it in 2 places (actually on each device I use), plus a backup.
It means you have to keep and maintain 2 databases, but the quantity is quite small for me (20-25 services), and it’s not like I’m changing it often (most likely never).
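The two replies above (putting the Ente TOTP key in a second app, and keeping the raw secret in a KeePassXC database) both rest on the same fact: a TOTP credential is nothing more than the base32 secret plus a few parameters, so anything that can read an otpauth:// URI can regenerate the same codes. The Python script below is an added example, not code from Ente or from any poster in this thread. It parses a constructed otpauth URI whose secret is the public RFC 6238 test seed (not a real account), and computes the code offline with the RFC 4226/6238 HMAC-based algorithm. It assumes Ente exports standard otpauth URIs with the usual SHA1, 6-digit, 30-second defaults; the label `Ente:alice@example.com` and issuer `Ente` are made up for the sample.

```python
"""Offline TOTP from a backed-up otpauth:// URI (RFC 4226 / RFC 6238).

Added example: the exported secret alone is enough to regenerate codes in
any compliant app, so the secret (or a URI containing it) is what to back up.
"""
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample URI. The secret is the public RFC 6238 test seed
# ("12345678901234567890" in base32), NOT a real account's secret.
SAMPLE_URI = (
    "otpauth://totp/Ente:alice%40example.com"
    "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Ente"
    "&algorithm=SHA1&digits=6&period=30"
)

_HASHES = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def parse_otpauth(uri):
    """Split an otpauth://totp/<label>?... URI into its parameters.

    Missing algorithm/digits/period fall back to the RFC 6238 defaults,
    which is what authenticator apps assume when a field is omitted.
    """
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc.lower() != "totp":
        raise ValueError("only otpauth://totp URIs are supported here")
    query = parse_qs(parts.query)
    if "secret" not in query:
        raise ValueError("otpauth URI has no secret parameter")
    algorithm = query.get("algorithm", ["SHA1"])[0].upper()
    if algorithm not in _HASHES:
        raise ValueError(f"unsupported algorithm {algorithm}")
    return {
        "label": unquote(parts.path.lstrip("/")),
        "issuer": query.get("issuer", [""])[0],
        "secret": query["secret"][0],
        "algorithm": algorithm,
        "digits": int(query.get("digits", ["6"])[0]),
        "period": int(query.get("period", ["30"])[0]),
    }


def decode_secret(secret):
    """Decode a base32 secret as apps and backups tend to write it:
    spaces allowed, lowercase allowed, trailing '=' padding often dropped."""
    cleaned = secret.replace(" ", "").upper().rstrip("=")
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def hotp(key, counter, digits=6, algorithm="SHA1"):
    """RFC 4226 HOTP: HMAC over the big-endian 8-byte counter, dynamic
    truncation to a 31-bit integer, then reduce modulo 10**digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), _HASHES[algorithm]).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % 10 ** digits).zfill(digits)


def totp(key, timestamp=None, period=30, digits=6, algorithm="SHA1"):
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / period)."""
    if timestamp is None:
        timestamp = time.time()
    return hotp(key, int(timestamp) // period, digits, algorithm)


def code_from_uri(uri, timestamp=None):
    """Regenerate the code for now (or for a given Unix time) from a backed-up URI."""
    p = parse_otpauth(uri)
    return totp(decode_secret(p["secret"]), timestamp, p["period"], p["digits"], p["algorithm"])


if __name__ == "__main__":
    entry = parse_otpauth(SAMPLE_URI)
    print(f"{entry['issuer']} / {entry['label']}: {code_from_uri(SAMPLE_URI)}")
```

Run it against a URI exported from your own authenticator and compare the printed code with what the app shows; if they match, the backup is complete and any other app (or this script on an offline machine) can take over if the primary device is lost. The same script also makes the threat model visible: whoever reads that URI from a cloud drive or a password database holds the second factor, which is why the KeePassXC poster keeps the secrets in a separate encrypted database.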

Passkey?

Thank you. I’ll save an encrypted backup in the cloud and on a hard drive.


Hmm, I noticed Ente added passkey support recently. I’ll look into it.

The best way is to have it in an offline setting.

Air-gapped passkey :thinking:

More than enough, tbh. Don’t try some of the methods being advised here if your threat model does not call for it. It can become exhausting, lol.

Unironically the best way in a lot of cases. I would also recommend Ente in offline, non-login mode for people who want extra security. This way you can sync passwords using online password managers and yet still hold the 2FA credentials offline and on hand at all times. Just be sure to take regular backups onto physical drives that are not kept at the same site as you.

A decent alternative for people who might not want to deal with hardware keys. But I also understand most people want to sync 2FA online, and that’s fine too.