this post was submitted on 10 Jul 2023
54 points (100.0% liked)

Privacy Guides

16879 readers
3 users here now

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:

Learn more...


Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 2 years ago
MODERATORS
 

Hello! I'm in the process of slowly de-googling my life and taking my privacy more seriously.

I currently use Google Authenticator for 2fa at the moment.

I am currently dreading swapping those to Aegis, which requires a password every time I want to use it (that's very inconvenient, to be honest) while with Google's I can just open the app and get the necessary code right away; no password required.

Should I just stop being lazy, suck it up, and make the switch? I know I'm being a bit of a baby.

Edit: Okay, apparently I can use my fingerprint scanner instead, which is a LOT better, so I'll stop being a lazy shit and do the swap tomorrow. Cheers!

Final Edit: I made the switch to Aegis. Already made a backup, and I have Biometrics setup. Ty everyone!

top 41 comments
sorted by: hot top controversial new old
[–] [email protected] 22 points 1 year ago (1 children)

If your phone has biometrics, you can set that up, much quicker than typing password each time.

[–] [email protected] 3 points 1 year ago

Ohhhh snap you're right! Thankfully my phone has a fingerprint reader. Never used it but it looks like I finally have an excuse to!

Guess I just need to stop being lazy now. 😅

[–] [email protected] 16 points 1 year ago (1 children)

You can use biometrics instead of a password. Also, Google Authenticator not having a password requirement is a massive security risk to me. A 2FA app, just like a password manager should ABSOLUTELY be protected with passwords/biometrics.

[–] [email protected] 2 points 1 year ago

I got biometrics turned out, ty!

[–] [email protected] 12 points 1 year ago (1 children)

You can disable encryption and use Aegis without a password, just like Google authenticator.

[–] [email protected] 1 points 1 year ago

I didn't realize that. I should do a better job at reading all the settings. Ty!

[–] [email protected] 10 points 1 year ago (3 children)

I use a self-hosted bitwarden, it keeps both my passwords and generates TOTP authentication codes

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

This is the only way, saving tons of credentials centralised isn't the way to go, if you're able to do it yourself and mantain it.

Not everybody should selfhost

[–] [email protected] 4 points 1 year ago (1 children)

instructions unclear, everyone should be @selfhosted

[–] [email protected] 3 points 1 year ago

Hi there! Looks like you linked to a Lemmy community using an URL instead of its name, which doesn't work well for people on different instances. Try fixing it like this: [email protected]

[–] [email protected] 2 points 1 year ago (2 children)

I'v been trying to self host bitwarden but I keep running into error after error. Mostly with nginx 😑

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

I use bitwarden_rs with docker-compose, behind nginx. I can share my config if anyone is interested.

[–] [email protected] 2 points 1 year ago

I self host on my Synology and getting the reverse proxy with the webhook setup properly was such a PITA it took me giving up for a couple months and coming back to it to finally get set up. Turns out I was looking in the wrong place for security certs the whole time 🤦

[–] Lemmyfunbun 1 points 1 year ago

Seems badtio keep both forms of auth in the same place.

[–] [email protected] 8 points 1 year ago

Everyone has already mentioned the biometrics, but I think even without that you still should have to suck it up if you want to improve your security.

Also, I think it's worth the hassle of changing to Aegis since you can make backups of your vault pretty easily, something which Google authenticator doesn't provide.
The only option in that app is cloud sync which IIRC isn't encrypted in any way, so your keys are being sent to you-don't-no-where via you-don't-know-how in plain text.
Aegis gives you the option to sync your vault with an encrypted file which you can then import into other Aegis install (I don't know if it has the option to sync an unencrypted version).

[–] [email protected] 8 points 1 year ago* (last edited 1 year ago) (2 children)

Btw OP, you can export from Google Auth. and it will give you a big QR code that you can just snap with Aegis, in case you didn't know already.

No need to transfer one-by-one.

You just need to get the code off your phone first.

[–] [email protected] 1 points 1 year ago

Doesn’t that defeat the whole purpose though? I would regenerate each OTP “string”, for lack of a better way to say it, rather than bringing them over as Google already has that data.

[–] [email protected] 1 points 1 year ago (4 children)

Err.. how do I get it off my phone tho?

[–] [email protected] 19 points 1 year ago (1 children)

A marker and steady hands.

[–] [email protected] 2 points 1 year ago
[–] [email protected] 5 points 1 year ago* (last edited 1 year ago) (2 children)

Err… how do I get it off my phone tho?

There are several ways! First, take a screenshot (power + vol. ~~up~~ down is the shortcut for me, not sure if this is an Android default).

Then email it to yourself, or plug in your phone with UTP to a computer and move it out of the picture folder, or print from your phone to a wifi-enabled printer, or use something like Google Keep and sync it to your computer, etc.

[–] [email protected] 6 points 1 year ago

Not sure if you're joking but thankfully you can't take a screenshot of Google Auth.

And emailing it would completely defeat the purpose of 2FA

[–] [email protected] 2 points 1 year ago

Oh goodness, why didn't I think of emailing it to myself. 🤣 Thank you for the tip, I'll do that in the morning after I wake up.

[–] [email protected] 3 points 1 year ago (1 children)

The mental image of me looking at a qr code on my phone screen, and only then wondering how I would catch that on the phone's camera did make me laugh.

[–] [email protected] 1 points 1 year ago
[–] [email protected] 1 points 1 year ago

What I did was take a screenshot and then scan the photo via Aegis

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago) (2 children)

Apparently you can use biometrics instead of a password each time you require access. Not sure if that still seems like a bother or not, I personally do not mind.

𝐄𝐝𝐢𝐭: Some one else already beat me to this answer, haha.

[–] [email protected] 2 points 1 year ago (1 children)

But I don't reccomend it. I may be too paranoid, but recover a fingerprint (physically, non from the OS) from a lost/stolen phone is pretty easy and this is why I never suggest to use fingerprints to login to banks app and authenticate transactions. At least use a 6 digit pin for Aegis.

[–] [email protected] 1 points 1 year ago

I use a yubi key to do my static passwords for otp apps like this.

I think it's 38 characters long.

I wish ageis uses keys or webauth but that requires online functionality.

[–] [email protected] 1 points 1 year ago

Ah yea just noticed that; my phone has a fingerprint reader. Didn't even occur to me to use it because I never have. 😂

[–] [email protected] 5 points 1 year ago (1 children)

I remember losing Google Authenticator data when I had to format my phone. This was years back and didn't have too many accounts setup. With Aegis I have an offline encrypted backup of all my 2FA codes so this is no longer a possibility. Before Aegis I was tempted to use Authy before I had to wait 24hrs to gain my access back after I reset my phone.

2FA on Android has always sucked (lazily created; app data CANNOT constitute and/or subsitute device trust). I wish I had got on to Aegis earlier.

[–] [email protected] 1 points 1 year ago

I've already made my first backup with Aegis. =)

[–] [email protected] 3 points 1 year ago (1 children)

You can also check out 2FAS, which recently got open-sourced. It comes with browser plugins to autofill 2FA pushed from the phone on request. Makes it a lot more convenient if you need another reason to switch.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

You can also check out 2FAS, which recently got open-sourced.

I happened to be comparing this and Aegis so I'll add the biggest differences I noticed. Maybe it helps someone:

  • Aegis is Android only, 2FAS is iOS and Android and they have a browser plugin.
  • The browser plugin still needs you to approve via your phone/device.
  • 2FAS has automated Google Drive backups. You can manually export if you backup via, e.g., Syncthing.
  • Aegis has automated "external storage" (e.g., a folder on your phone) and "Android Device" backups—the latter are stored on Google Drive too, but, as far as I understand are used via a device restore (may not be as easy to drop these in as the other backup methods).
  • 2FAS lets you secure with a 4-digit PIN and biometrics. Aegis let's you use a full-blown password and biometrics.
[–] [email protected] 2 points 1 year ago

I use aegis as the otp for bitwarden and keepassxc. Currently trying to migrate bitwarden and just use keepassxc while syncing the db to my nextcloud and backup onedrive.

[–] [email protected] 1 points 1 year ago

Ente's auth app is a good option too.

https://github.com/ente-io/auth

load more comments
view more: next ›