I see that Ente Auth is the recommended software for 2FA when using TOTP 2FA. I checked a bunch of my services with both Hideez and Yubico’s lists showing what supports FIDO2, specifically what I use. Turns out, not a lot. Probably 70% of the services I use support TOTP. 3-4 of them support FIDO2. The remainder are still stuck on SMS, email, and voice call.
If I’m going to drop a couple hundred bucks on a few YubiKey 5C NFCs though, wouldn’t it make sense for me to just switch over to using Yubico Authenticator entirely, so that I don’t have to worry about dealing with multiple authentication apps? The only bit of frustration I can foresee is for accounts that my wife and I both use, where we were able to add the TOTP to both of our Ente accounts at the same time. But we can probably still set that up nicely, even if we move over to Yubico Authenticator.
So with that said, is there any known reason to not use this method? It should introduce an even greater level of security to our 2FA, because right now, if our Ente Auth apps somehow got breached, we’d be in trouble. But with Yubico, we’d need to have the phone, the app, and the key itself.
This really is a personal preference question. The ideal option/way is not this. But if you want to do this, then that’s your call.
I mean... anything can technically be breached any time. It’s not the logic one should use to evaluate what to do or not, even after doing all that you can with TOTP as 2FA.
–
I’m not sure what exactly you’re trying to accomplish here, but I always like simplicity when it comes to privacy and cybersecurity.
I think you should keep it simple. Use Ente Auth for your TOTP/2FA needs or your password manager. I use my password manager for more simplicity and convenience. For others, use whatever 2FA you can. I recommend using a jmp.chat number for SMS 2FAs if you can afford to keep one number alive/active at all times only for this.
For the few select options where you can use security keys, you’ll have to decide if it’s worth it. I too thought it would have been worth it, but after a couple of years I stopped using them and moved back to other equally good options, thinking of the worst-case scenario: what if I lose all devices and electronics, including security keys? So my setup is such that I can get back all my accounts at any time on any new computer if I wanted to.
Note that the TOTP codes are stored on the key, not in the Authenticator. YubiKey 5 series keys with the latest firmware (non-upgradable) can hold only 64 TOTP credentials. Keys with older firmware are limited to 32 TOTP credentials. You may find that number to be too limiting.
Personally, the added friction of having to insert the key for TOTP is not worth the security gain. A software-based TOTP Authenticator like Ente Auth would be my choice.