For several years now I’ve been using Authy because it’s very convenient. But I know the remote sync is a threat. So I’d like to improve this.
I know PG recommends Aegis, but it only supports Android. Do you have any 2FA app to recommend on other platforms (macOS, Windows)?
Also, is it possible to somehow export from Authy to Aegis, or do I have to manually delete all tokens and create new ones?
Final question: is it possible to export Aegis tokens to have a backup somewhere (and possibly import them back into the app)?
Thank you!
I don’t know any other cross-platform stuff that doesn’t do cloud sync other than KeePassXC and storing your TOTP tokens within. It’s not the best practice, but it is doable if you do not belong to a risky group (activist, journalist, etc.) or if it is acceptable to your risk appetite.
If you have saved your token, you can reenter the same code within Aegis. I am not sure if there is a feature that will allow reexport/reshow the QR code in Authy (you can reshow the QR codes in Aegis, btw).
If you can’t get it to show the QR code again or if you cannot get the long string of token letters, the best way forward for you is to delete the token and redo them in Aegis, because now you are trusting 2 other entities with your secret.
There is an Import/Export section in the Aegis app and it supports .JSON and .txt formats with an option to export it in unencrypted plain text.
For desktop I use Authenticator.cc which works as a browser extension for Chromium, Firefox, and Safari. It is the only free/libre option I could find available on desktop which is why I use it.
If you’re not opposed to spending some money, you could invest in YubiKeys and the YubiKey Authenticator app. That would be the hardware route for 2FA, though.
You could spend $10 per year on Bitwarden premium and use that as your 2FA service, or just enter the seed phrase on your authenticator apps on all platforms.
Also, is it possible to somehow export from Authy to Aegis
Export TOTP tokens from Authy · GitHub
is it possible to export Aegis tokens to have a backup somewhere
Yes, Aegis allows backups.
Regarding the YubiKey, there is a small inconvenience but an increase in security: You cannot re-export the TOTP secret, unlike in Aegis.
Do you all agree Authy is not a good idea - if I do not belong to a risky group? I also have family members that travel alone and this is what we use in case they will ever need to authenticate while away?
Look into this app: Add 2FAS (Authenticator App)
What about using your password manager for 2FA? Like Bitwarden or 1Password?
You could use Bitwarden, Proton Pass or Standard Notes to store your 2FA but at least not the same tool for login, password and 2FA.
For example you could have Login + Pwd on Proton Pass, 2FA on Bitwarden.
My eye caught the question of “is it possible to somehow export from Authy to Aegis, or do I have to manually delete all tokens and create new ones?”.
I would do it manually, no matter how easy the export from an online solution is. Simply for this reason: I can instantly invalidate the data that IS on the server (no matter how it is encrypted, salted, when and how it will be deleted later, etc.) while I do the change. Sure, if I am in a hurry or something, that export/transfer option could be useful!
Hi, I’m thinking of using 2FA in this fashion (in case of local ):
TOTP seeds saved on
2 RAID 1 hard drives
1 random hard drive, or/and SSD
Pendrive
1 or 2 cloud preferably encrypted
Stored in KeePassXC
Syncthing
Keeping it simple (so that it’s easy to remember and maintain), so for emails only, vault accessible via PIN or passphrase
The app would be Aegis, FreeOTP or other
Or Bitwarden or something similar and making backups on RAID 1 HDDs etc., so the reverse
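Added example, not part of any post in this thread: a small RFC 6238 TOTP implementation showing why the seed is the only thing that matters in the export, backup and re-enrollment advice above. Any app or backup holding the seed produces the same codes, and a copy left on a sync server only stops working once the account is re-enrolled with a new seed. OLD_SEED is the public RFC 6238 test key, NEW_SEED is a constructed sample, and service_accepts is a hypothetical stand-in for the service's check.

```python
import base64
import hmac
import struct

# Constructed sample seeds. OLD_SEED is the public RFC 6238 test key.
OLD_SEED = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"   # seed that was synced or backed up
NEW_SEED = "JBSWY3DPEHPK3PXP"                   # seed issued after re-enrolling 2FA


def totp(seed_b32, unix_time, digits=6, period=30, algo="sha1"):
    """RFC 6238 code for a Base32 seed at a given Unix time."""
    # Apps display seeds in groups, often lowercase and without padding.
    cleaned = seed_b32.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    key = base64.b32decode(cleaned)
    counter = struct.pack(">Q", max(0, int(unix_time)) // period)
    mac = hmac.new(key, counter, algo).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def service_accepts(enrolled_seed, code, unix_time, drift_steps=1, period=30):
    """Hypothetical server-side check: accept codes within +/- drift_steps."""
    ok = False
    for step in range(-drift_steps, drift_steps + 1):
        expected = totp(enrolled_seed, unix_time + step * period, len(code), period)
        ok |= hmac.compare_digest(expected, code)  # constant-time comparison
    return ok


if __name__ == "__main__":
    now = 1111111109  # fixed timestamp so the output is reproducible
    phone = totp(OLD_SEED, now)
    restored = totp("gezd gnbv gy3t qojq gezd gnbv gy3t qojq", now)
    print("phone app:          ", phone)
    print("restored from backup:", restored)     # identical: same seed, same code
    # While the account still uses OLD_SEED, every copy of it works.
    print("old copy, old enrollment:", service_accepts(OLD_SEED, phone, now))
    # After deleting the token and re-enrolling, the old copy is useless.
    print("old copy, new enrollment:", service_accepts(NEW_SEED, phone, now))
```
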