this post was submitted on 17 Jun 2023
108 points (100.0% liked)

Privacy Guides

17031 readers
189 users here now

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:

Learn more...


Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 2 years ago
MODERATORS
 

What authenticator app do you use? How do you backup? Any open source self hosted options?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 21 points 2 years ago (3 children)

I use Bitwarden (I know opinions are split when it comes to passwords and 2FA being in separate apps). But I like the convenience of it all being in one platform.

I also like Raivo, you can import/export them too.

[–] [email protected] 6 points 2 years ago (1 children)

You can set Bitwarden to require your master password for higher security logins. I keep a separate vault for work and personal things... Everything in my work vault requires it's master password to use them. The OTPs are useless without credentials, and you need the master password to get at those even when the vault is unlocked. YMMV but to me, this was "good enough" to ensure a separation of concerns between low and high risk.

[–] [email protected] 1 points 2 years ago

This is the first time I'm hearing about this feature and am interested. But I feel like it would be better to use a different password than your master for these higher security logins. The thought being that, if someone has access to your passwords, they likely have access to your master password as well, unless they had access to an already unlocked vault.

[–] [email protected] 5 points 2 years ago* (last edited 2 years ago)

I use bitwarden and only put totp codes in it for “low risk” uses. Like say…a Reddit account.

Thinks like email accounts or ones associated to bank etc I keep in google Authenticator (not synced to the cloud)

I also keep a spare phone with the google auth totp codes loaded in case I lose my phone.

At the service level I also keep backup codes or use a yubikey when possible. So even MFA at the account level often has options, even if it’s “my phone is across the room and I’m too lazy, backup code time”

[–] [email protected] 1 points 2 years ago

I also use Bitwarden both for passwords and TOTP. I secure it with password + Yubikey. Works well enough it seems! If I ever have any concerns I'll move TOTP to Aegis in a heartbeat though.