this post was submitted on 17 Jul 2023
7 points (68.4% liked)

What’s your preferred two-factor authentication app for iOS?

I'm looking for an app that offers the best combination of platform compatibility (preferably available on Mac OS, iPad OS, and iOS), security, usability, and reliability.

It would be great if the app is open source and has a backup feature as well.

I came across a recent Wirecutter article from The New York Times that recommends Cisco DUO Mobile as the top choice, followed by Authy and Google Authenticator.

I would greatly appreciate your insights and security perspectives.

Thank you!

top 26 comments
[–] tyrefyre 7 points 1 year ago (1 children)
[–] [email protected] 6 points 1 year ago (1 children)
[–] [email protected] 5 points 1 year ago

the security team found out that only 93 Authy users out of 75 million were affected

Also this was a social engineering attack and if you’re syncing your 2fa seeds then you should be encrypting them with a secret. Cracking that should take years if not more.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (1 children)

If you also use a password manager, then 1Password is what I use since it handles both and does cross platform and can auto fill on mobile.

[–] [email protected] 2 points 1 year ago (1 children)

Any solution that holds both together… is not really a 2fa solution imo.

[–] [email protected] 2 points 1 year ago

True but still better than no 2FA. Would be great if these password managers informed a second level of security (ie different password) into their 2FA.

[–] [email protected] 4 points 1 year ago
[–] [email protected] 3 points 1 year ago (1 children)

Surprisingly, Microsoft Authenticator works very well. On iOS it lets you back up your authentication tokens to iCloud and on Android I believe there is some way to do this too (I don’t have an Android phone so idk). I would avoid Google Authenticator because to the best of my knowledge there is no way to back up, and at some point in the past it crashed on me and I lost all my 2FA logins, which was a huge pain to recover from.

[–] [email protected] 2 points 1 year ago

Authenticator allows you to back up your passcodes to your Google account. I actually prefer DUO’s way of backing up 2FA codes by protecting them with a different password. I don’t like Google’s approach as it basically means that if your Google account is compromised then the attackers have the keys to the castle.

[–] [email protected] 2 points 1 year ago

There's 2FAS. It's open source, available on Android and iOS as well as on desktop through the browser extension.

[–] [email protected] 2 points 1 year ago

Bitwarden, you can self host if you prefer.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

Since you only listed apple platforms you can also just use the built in options for both password management and 2FA.

Edit: https://support.apple.com/en-ca/guide/iphone/ipha6173c19f/ios

There are even plugins for browsers on Windows for it if needed.

Lacks advanced family password sharing and other features but it is hard to beat for ease of use for an individual who mostly uses apple devices.

[–] [email protected] 1 points 1 year ago (2 children)

The only gripe I have about this is that third party browsers on MacOS don’t support Passkey. If you use Safari it’s absolutely wonderful, but…safari.

Still though, it isn’t incredibly difficult to just go into Settings to get passwords, but it’s still a pain.

[–] [email protected] 1 points 1 year ago

This is pretty much the reason I use 1Password. I don't like Safari, and it has reasonably good UX and extensions for all browsers + native apps.

[–] [email protected] 1 points 1 year ago (1 children)

They released a Chrome and Edge extension to support 3rd party browsers about a year ago. I have never tried it but I noted it lets you be cross platform with the password feature.

https://support.apple.com/en-ca/guide/icloud-windows/icw76039ec0f/icloud

[–] [email protected] 1 points 1 year ago

I think this only works on Windows oddly enough. Probably really trying to push Safari on macOS.

[–] [email protected] 1 points 1 year ago (1 children)
[–] [email protected] 2 points 1 year ago (1 children)

It's only on Android, OP is asking for iOS.

[–] [email protected] 2 points 1 year ago

Oy vey! I totally missed that. 😕

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

I use a Yubico hardware key, for all of my TOTP and Bitwarden password manager and my Google Voice for the 2FA

[–] [email protected] 1 points 1 year ago

If you wear an Apple Watch, DUO has a watch app, and so I’ve migrated all my accounts that support DUO to it so I can leave my phone in my pocket and just look at my wrist.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

I just use a KeePass vault and KeePassium (Strongbox is also great) after deciding I don’t trust Authy.

Biggest advantage over Authy for me is that I control the data and that the solution is open source.

Vault is synced locally with Syncthing but a vault on a cloud drive requiring a key file that is local is also a good option.

Backups are easy. KeePassXC can be used on the desktop for TOTP.

Vault is not kept with my password vault.

[–] [email protected] 1 points 1 year ago

I use OTP Auth. Syncs via iCloud and has an Apple Watch app. Plus allows export which is convenient for if I ever want to switch platforms back to Android.

[–] [email protected] 1 points 1 year ago

I am all-in on Bitwarden - and I use Apple's 2FA with a widget shortcut to Passwords in settings to unlock Bitwarden. For maximum security it makes sense to keep your OTP in a separate app, but if you choose to keep them in Bitwarden, it will add your 2FA codes to your clipboard after inserting your login and password on the site. Extremely convenient.

Bitwarden is light, multi-platform, will support Passkeys, open source, offers username and password generation, free (and VERY cheap if you want to unlock sharing). In my opinion nothing comes close.

[–] [email protected] 1 points 1 year ago

I have been a big fan of Authy for a few years. Works well for me.

[–] [email protected] -1 points 1 year ago

On Android I use Aegis
