Authy works well for me
Asklemmy
A loosely moderated place to ask open-ended questions
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- [email protected]: a community for finding communities
~Icon~ ~by~ ~@Double_[email protected]~
Authy is very concerning lately https://www.androidpolice.com/authy-hacked-what-to-know/
the security team found out that only 93 Authy users out of 75 million were affected
Also this was a social engineering attack and if you’re syncing your 2fa seeds then you should be encrypting them with a secret. Cracking that should take years if not more.
If you also use a password manager, then 1Password is what I use since it handles both and does cross platform and can auto fill on mobile.
Any solution that holds both together… is not really a 2fa solution imo.
True but still better than no 2FA. Would be great if these password managers informed a second level of security (ie different password) into their 2FA.
Raivo
Surprisingly, Microsoft Authenticator works very well. On iOS it lets you back up your authentication tokens to iCloud and on Android I believe there is some way to do this too (I don’t have an Android phone so idk). I would avoid Google Authenticator because to the best of my knowledge there is no way to back up, and at some point in the past it crashed on me and I lost all my 2FA logins, which was a huge pain to recover from.
Authenticator allows you to back up your passcodes to to your google account. I actually prefer DUO’s way of backing up 2FA codes by protecting them with a different password. I don’t like google’s approach as it basically means that if your google account is compromised then the attackers have the keys to the castle.
There's 2FAS. It's open source, available on Android and iOS as well as on desktop through the browser extension.
Since you only listed apple platforms you can also just use the built in options for both password management and 2FA.
Edit: https://support.apple.com/en-ca/guide/iphone/ipha6173c19f/ios
There are even plugins for browser on windows for it if needed.
Lacks advanced family password sharing and other features but it is hard to beat for ease of use for an individual who mostly uses apple devices.
The only gripe I have about this is that third party browsers on MacOS don’t support Passkey. If you use Safari it’s absolutely wonderful, but…safari.
Still though, it isn’t incredibly difficult to just go into Settings to get passwords, but it’s still a pain.
This is pretty much the reason I use 1Password. I don't like Safari, and it has reasonably good UX and extensions for all browsers + native apps.
They released a Chrome and Edge extension to support 3rd party browsers about a year ago. I have never tried it but I noted it lets you be cross platform with the password feature.
https://support.apple.com/en-ca/guide/icloud-windows/icw76039ec0f/icloud
I think this only works on Windows oddly enough. Probably really trying to push safari on macOS.
Bitwarden, you can self host if you prefer.
I teally like Aegis!
It's only on Android, OP is asking for iOS.
Oy vey! I totally missed that. 😕
If you wear an Apple Watch DUO has a watch app and so I’ve migrated all my accounts that support duo to it so I can leave my phone in my pocket and just look at my wrist
I just use a keepass vault and KeePassium (Strongbox is also great) after deciding I don’t trust Authy.
Biggest advantage over Authy for me is that I control the data and that the solution is open source.
Vault is synced locally with syncthing but a vault on a cloud drive requiring a key file that is local is also a good option.
Backups are easy. KeePassXC can be used on the desktop for totp.
Vault is not kept with my password vault.
I use OTP Auth. Syncs via iCloud and has an Apple Watch app. Plus allows export which is convenient for if I ever want to switch platforms back to Android.
I am all-in on Bitwarden - and I use Apple's 2FA with a widget shortcut to Passwords in settings to unlock Bitwarden. For maximum security it makes sense to keep your OTP in a separate app, but if you choose to keep them in Bitwarden, it will add your 2FA codes to your clipboard after inserting your login and password on the site. Extremely convenient.
Bitwarden is light, multi-platform, will support Passkeys, open source, offers username and password generation, free (and VERY cheap if you want to unlock sharing). In my opinion nothing comes close.
I use a yubico hardware key, for all of my TOTP and bitwarding password manager and my Google Voice for the 2FA
I have been a big fan of authy for a few years. Works well for me.
On Android I use Aegis