If proprietary app is better and more robust I am willing to try it and assess it myself.

  • GadgeteerZA@beehaw.orgEnglish
    1·
    1 year ago

    Bitwarden and it’s fully cross-platform. I like that it auto copies the 2FA pin to clipboard after filling in login - cuts out extra clicks and copy movements.

          • Adda@lemmy.mlEnglish
            1·
            1 year ago

            Thank you for the information. I am using Aegis and will not move away from it – I have no reason to. I am completely content with the features it provides. However, I want to look at Authenticator Pro to see how it works, what features it brings and in general, how good the application is. If I like what I see, I will be able to provide an alternative to Aegis when I suggest a TOTP application for someone. I hope Authenticator Pro is great, so I can recommend it with confidence.

    • styx@beehaw.org
      0·
      1 year ago

      I am not a big fan of storing the passwords and 2fa together since if it is compromised, you lose both layers at the same time. But the alternative is not so convenient. But then in security, it is always a balance between the two.

      • badelf@lemmy.ml
        0·
        1 year ago

        True true. But the auth apps I’ve seen don’t appear to be secure. So if you lose your phone…

        And I don’t like hw key because I’m afraid I’ll lose it.

        • styx@beehaw.org
          0·
          1 year ago

          I have a two layer system in place:

          1. I use Aegis, I have automatic encrypted backups, and syncthing to synchronize the backups to my private server. If I need to reconfigure Aegis, I just import the backup.

          2. I have 2FA backup codes as encrypted text files, which are also synced to my server with syncthing. I have the encryption/decryption software installed on my phone and windows, so I can use a backup code if I don’t have access to Aegis.

          One issue was I had to write my own apps for windows and android for encrypting/decrypting the text files 😃. You can check them on GitHub: https://github.com/mcanyucel/TextCrypt-Windows https://github.com/mcanyucel/textcrypt-android

          They use SHA256 with random IV and random salt. No warranties, though 😅

          • badelf@lemmy.ml
            2·
            1 year ago

            Damn! I hope I don’t have to be quite that careful. I travel a lot so I really only worry about the USA border guards. 😒

      • charje@lemmy.ml
        0·
        1 year ago

        I know it is an unpopular opinion, but it is a huge headache in general. I don’t think the theoretical benefits (which make total sense) actually pay off in reality and are worth the extra headache. I’m not saying they should not have it at all, but it should be at least opt-out instead of forced.

        In the case of github, I think it is part of their long drawn out plan of data collection and proprietary lock down. Next they are going to require your house address and government ID. I feel better using an free and open source platform anyway.

  • maniel@lemmy.ml
    0·
    1 year ago

    When it comes to proprietary apps Authy is nice, it offers synchronisation between devices, but yeah, it involves cloud (someone’s computer) and you need to give them your phone number, so that’s for privacy, in the end you might as well use Google authenticator, it syncs between devices to, it’s about who you trust more

    • r_se_random@sh.itjust.works
      1·
      1 year ago

      For people down voting, please share your reasons for it. If there’s something wrong with the product, sharing that info would be helpful.