Do you save your password manager and email TOTP on Ente Auth/2FAS?

Thinking of moving from Aegis to a cloud-based TOTP app like Ente Auth, but wanted to ask if people also save their high-stakes accounts like password manager and email TOTP on Ente Auth too?

The idea would be to also have these TOTPs on Aegis/Yubico Authenticator to tighten security. But maybe I am overcomplicating this.

I really like Aegis’s backup features and have non-techie family members using it. Such might not be good for most for their threats/concerns.

Whatever you end up doing, ensure you have backups and scenario coverage such as the classic phone in pond and similar.

2 Likes

I personally use Proton Pass for passwords and TOTP, but have my Proton password held offline and the TOTP for it in Ente.

Ente is very nice and has been flawless.

I don’t have 2FA enabled on my password manager because it requires a security key. Meaning that if someone knew my password, they wouldn’t be able to log in with it and my email address on a new device, because they would still need the security key, which even I don’t know by heart. I have it written down in a secret place.

That being said, if I did enable 2FA on my password manager, I would absolutely save it in Ente. If Ente could store security keys, I would also save my security key there. My email 2FA tokens are saved there too.

The thing I do wonder is how does Ente separate Ente Photos and Ente Auth if you have 2FA enabled for your Ente account? And where does one save their Ente 2FA tokens?

I wouldn’t say Ente Auth is entirely flawless.

  • I get an error every time I close the flatpak app on desktop. It’s been like this for months.

  • I had to loosen some app security on GrapheneOS to get it to work (allow DCL via memory), which is frustrating considering it’s supposed to be a security-focused app.

  • They’re also not always consistent with app updates between Play Store, GitHub, and F-Droid.

But for core functionality, it works great! I’ve recommended it to everyone.

I don’t really trust online services for this. I use KeePassXC and back up the database files via rclone and Syncthing.

That’s a shame, I’m gutted for you. I’ve had the exact opposite. Perhaps it’s the platform we are using it on or something. Hope they sort it out for you soon.

I do have TOTP for my password manager stored in 2FAS. I think that if you have enough hardware keys to cover all your devices (and recovery scenarios), then using TOTP for a password manager may be an unnecessary exposure. Not only is it still subject to real-time phishing, but it also depends on the services to implement effective rate limiting to be a true hindrance to attackers, whereas the FIDO2 key would not have those issues.