Why not use a 2FA authenticator who sync to a third-party cloud sync/backup service?

Hi,

I was thinking to use Standard Notes authenticator as my 2FA authenticator.
I just see that Privacy Guides do not recommend such application.
Could you explain me why ?

In a perfect world your 2FA secrets would be on a device that is separate from what you’re logging into, and not just accessible from any of your devices.

In reality… if you use the Standard Notes TOTP feature for your 2FA that is probably fine, because Standard Notes has end-to-end encryption, so you don’t have to worry about them accessing your codes. It is just a bit riskier when your codes are accessible from all your devices, you can decide whether that is worth it or not to you.

1 Like

Tks a lot for your reply !

If i use Aegis and Bitwarden on my mobile phone the threat will be the same than having Standard Notes TOTP + Bitwarden isn’t it ?

The only difference will be when i use my computer.