Aegis.
this post was submitted on 31 Jan 2025
66 points (97.1% liked)
Ask Lemmy
27823 readers
1212 users here now
A Fediverse community for open-ended, thought provoking questions
Rules: (interactive)
1) Be nice and; have fun
Doxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them
2) All posts must end with a '?'
This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?
3) No spam
Please do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.
4) NSFW is okay, within reason
Just remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either [email protected] or [email protected].
NSFW comments should be restricted to posts tagged [NSFW].
5) This is not a support community.
It is not a place for 'how do I?', type questions.
If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email [email protected]. For other questions check our partnered communities list, or use the search function.
6) No US Politics.
Please don't post about current US Politics. If you need to do this, try [email protected] or [email protected]
Reminder: The terms of service apply here too.
Partnered Communities:
Logo design credit goes to: tubbadu
founded 2 years ago
MODERATORS
Yubikey + Yubico app covers all my needs and is technically the most secure option
If you already have Microsoft authenticator just use that. They're all basically the same
Aegis via Fdroid
The fact it's in fdroid is great
Aegis is nice
I switched from Google Authenticator to Aegis and have had no problems.
One more upvote for aegis
Been with aegis through 4 devices and absolutely love it.
FOSS ftw!
thanks for this!
I use proton pass but IDK if it's good to warn against them now as they appear to support fascists
I use Aegis for personal and work stuff. Works great, is open source and initiates no network connections anywhere.
whatever you choose, keep the 2FA recovery codes to at least bitwarden on paper, in a safe place
Aegis (fdroid)
I use FreeOTP. Open source tickles me.
Use Ente Auth.
Huge fan of Ente Auth as well. Completely open source and available on F-Droid. Offers encrypted backups with cloud options so you can easily restore between devices if needed.
I swear it used to state if they ever had to charge for it free accounts would be grandfathered in, but now it just says free. Guessing the photo service covers its cost.
Ente photos is also awesome. I'm a huge fan and subscriber.
Open version called vault warden lets you put 2FA in the app. That said, I'm not of the camp that wants to put their password and code generator in the same place so I still use Aegis for the tokens.
whatever you choose, keep the 2FA recovery codes to at least bitwarden on paper, in a safe place
Doesn't turn 2fa into 1fa?
I like to know that even if someone got into my bitwarden vault they would still not be able login to my most important stuff.
This is a different app from bitwarden PW manager.
I don't want my password manager to also have the ability to generator 2fa codes, gotta keep em separated.
This is a different app from bitwarden PW manager.
I've used andOTP for years and it's served me well. and it's FOSS
But since a few years ago, it's no longer being maintained: https://xdaforums.com/t/unmaintained-app-4-4-open-source-andotp-open-source-two-factor-authentication-for-android.3636993/post-87021655
Thanks for this, I also have been using andOTP for years (and before that its earlier fork OTP Authenticator), didn't realize its development went dormant too.
Nitrokey or yubikey if you have the key , or Aegis if only want to use an app
I think I need an education. What do you mean if I have the key? When I look at bitwarden settings, I do see a setting for "Log in with passkey" but it's different than the Two-step login. EDIT: wait, I think I see, under the two-step login there are providers for Authenticator app, Passkey, yubico key, or duo. I think I get it now.
yubikey and nitrokey are physical keys
I use LastPass authenticator for 2fa (note, I do not store any passwords in LastPass)
This way the authenticator accounts sync to my LastPass account and make device migration a breeze, I simply just sign into LastPass and then I can use authenticator immediately on the new device.
You could also use Microsoft authenticator (again with no passwords saved) to achieve the same thing.
I just didn't want to bother with exporting and importing 2fa accounts when getting a new phone. Or worse, if my phone fails unexpectedly I don't want to be unable to generate codes.
This is really sold advice
I typically use Bitwarden for my 2fa keys and passkeys. For Bitwarden itself, I have a Yubikey and my phone registered as passkeys. I also used to use Duo for 2fa in the past, but I prefer Bitwarden.
I did not realize they had an authenticator... That would be convenient. I think I'll do that.
I second Bitwarden. It’s open source and automatically copies the number to your clipboard. Migrating can be a pain in the ass but once you’re done, it’s great.
I used tobuse authy. Mainly for the desktop to phone sync feature. The desktop got removed unfortunatly. So i am looking as well
I use 1password. It's fine. I haven't tried much other stuff, but it works well, but I don't think there is a free option so it might not be a good pick. There is also Google Authenticator which works fine and is free.
My email is what I consider to be an important password so its in my offline password manager.
At the risk of sounding snarky, why is this a deal breaker? I can recover both bitwarden and my email if I was ever in a situation where I forgot one or both passwords. It also only occurs in a situation where you are signing into devices that you've never logged in to or purposely logged out of. I do use 2FA, but even if I did not it sounds like a lot of complaining about a situation that you should already be prepared for. Bitwarden could easily go down or your password vault could be corrupted or (at worse case) your vault compromised and passwords stolen. Make plans for such situations and you'll realize this is mostly a knee-jerk reaction to a non-issue.