this post was submitted on 08 Jan 2024
214 points (96.1% liked)

Technology

59641 readers
2528 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] 1bluepixel@lemmy.world 38 points 10 months ago (1 children)

Made the switch to Aegis a little while back. I like it a lot.

[–] GreenDust@lemmings.world 13 points 10 months ago (1 children)

Aegis is just for Android. This is about a desktop program being discontinued.

[–] Matty_r@programming.dev 9 points 10 months ago

There is OTPClient [0] for Linux which can be used to import your Aegis keys.

[0] https://github.com/paolostivanin/OTPClient

[–] Monomate@lemm.ee 24 points 10 months ago (1 children)

That's an awful decision by Twilo. I deliberately only install Authy on my Desktop computers because they're always at home and cannot be easily stolen/lost like my phone.

[–] xaxl@lemmy.world 12 points 10 months ago

Only reason to choose Authy over anything else tbh. This just basically killed the product.

[–] dantheclamman@lemmy.world 17 points 10 months ago* (last edited 10 months ago)

Twilio is under a lot of pressure from shareholders eager for more profit (CEO was just pushed out), so I figure this is just the start of a long wave of enshittification. I switched to Authenticator Pro (Android), which is much better in every way. Can backup between devices, has WearOS support, and a proper dark mode. I'd use bitwarden, but I hesitate to keep my TOTP keys in same place as my passwords

[–] shortwavesurfer@lemmy.zip 16 points 10 months ago (3 children)

I use KeePassXC on desktop

[–] dvdnet89@lemmy.today 6 points 10 months ago

I would prefer this one for UI consistency and it is open source and we can setup PWA as well https://github.com/ente-io/auth?tab=readme-ov-file#-download

[–] fine_sandy_bottom@lemmy.dbzer0.com 5 points 10 months ago (1 children)

Yeah I'm in the process of switching my OTP stuff to keepassxc. Better hurry that up.

[–] fernandofig@reddthat.com 2 points 10 months ago* (last edited 10 months ago)

I did it all using this. Took me about half an hour to migrate all my 15-something accounts to KeepassXC.

[–] Ganbat@lemmyonline.com 5 points 10 months ago

Definitely. Having my 2FA in a local database that I can back up physically is the best.

[–] whyNotSquirrel@sh.itjust.works 16 points 10 months ago* (last edited 10 months ago) (2 children)

Good thing I made the switch to 2FAS

You still need ~~my~~(edit: I need mine, but you can use yours) phone but with the Firefox add-on you just need to accept the pushed notification for it to autocomplete the code

And it's opensource

[–] Bangs42@lemmy.world 3 points 10 months ago (1 children)

Thanks for the recommendation. Started working on migrating all of my 2FA over from Authy. The process sucks (that's not the fault of 2FAS), but I really like 2FAS as an app so far.

[–] whyNotSquirrel@sh.itjust.works 2 points 10 months ago

yeah switching is a pain, also chose it for this reason, there's an export option if I want to change again once

[–] flumph@programming.dev 2 points 10 months ago* (last edited 10 months ago)

I can't tell from their page -- is it syncing via a SaaS service or just out to a file store like Google Drive?

Edit: It does sync with Google Drive and file exports. No SaaS component that I can see.

[–] LWD@lemm.ee 15 points 10 months ago* (last edited 10 months ago)
[–] Pika@sh.itjust.works 9 points 10 months ago (3 children)

well I'm now in the market for a new MFA app, anyone have any recommendations? Preferably one with a desktop alternative.

[–] Bangs42@lemmy.world 10 points 10 months ago

I've started migrating all of my 2FA over to 2FAS. No desktop app per se, but it does have extensions for all major browsers, and apps for iOS and Android. You control the syncing of the 2FA (either automatically via Google Drive or via manual bulk exports to a local file), no SaaS bullshit.

load more comments (1 replies)
[–] mlaga97@lemmy.mlaga97.space 8 points 10 months ago* (last edited 10 months ago)

Plugging pass/Password Store/Android Password Store for anyone wanting a good wrapper around git+pgp for desktop/Android using a YubiKey or similar hardware security key. It has pretty good OTP support built-in.

[–] KingThrillgore@lemmy.ml 8 points 10 months ago

I use Authy on mobile and have for years. When they gonna discontinue that?

[–] NarrativeBear@lemmy.world 7 points 10 months ago

Aegis is a good alternative. Took a while to do the transfer as they don't allow export of the tokens.

[–] bdonvr@thelemmy.club 5 points 10 months ago (3 children)

I just want a selfhostable Authy clone. Is that too much to ask?

[–] Norgur@kbin.social 21 points 10 months ago (3 children)

Bitwarden can do everything Authy can afaik

[–] stealth_cookies@lemmy.ca 13 points 10 months ago (2 children)

It is a bad idea to have your password manager and 2FA be the same app though. You want to spread it around so one attack can't break your logins.

[–] ikidd@lemmy.world 8 points 10 months ago

You aren't wrong and I should rethink that. But BW is so damn handy.

[–] Norgur@kbin.social 1 points 10 months ago

While that is true, the risk of someone brute forcing into an account of mine on the login side than on mine. That's what I use 2FA against. If they managed to break into my vault, they'd have broken into my Mailserver and whatnot, so....

[–] rambaroo@lemmy.world 9 points 10 months ago (3 children)

BitWarden can generate 2FA tokens? I don't see any option for that on Android

[–] AbidanYre@lemmy.world 11 points 10 months ago (1 children)

Vaultwarden can. Self hosting isn't for everyone though.

[–] Norgur@kbin.social 14 points 10 months ago (2 children)

Given that the comment was a demand for self hostable Authy, I think they might wanna :P

[–] AbidanYre@lemmy.world 4 points 10 months ago* (last edited 10 months ago) (1 children)

Ha. Apparently two comments worth of context is too much for me to handle.

[–] BearOfaTime@lemm.ee 2 points 10 months ago

Lol.

Welcome to the club, mate! 🤣

[–] LWD@lemm.ee 3 points 10 months ago* (last edited 10 months ago)
[–] unwillingsomnambulist@midwest.social 8 points 10 months ago (3 children)

Need to pay for a subscription for TOTP. It’s like $10/year for the personal plan.

[–] CosmicTurtle@lemmy.world 7 points 10 months ago

Which is damn near cheap compared to other companies. I personally use dashlane (I know I know I should self host but I don't trust myself for something as important as passwords) and that's $60 for their premium package.

[–] reev@sh.itjust.works 6 points 10 months ago (1 children)

I love my bitwarden but is it less secure to have all your eggs in one basket? That's the main reason I've been using separate apps so far.

It may very well be, especially if the basket your eggs are in is full of holes. I always figure, as long as it isn’t a pad of paper on a desk, or a company that regularly makes headlines due to security breaches, I should be okay.

[–] rambaroo@lemmy.world 2 points 10 months ago

Cool, I might check it out then. I knew I'd have to move off of authy eventually.

[–] Merlin404@lemmy.world 8 points 10 months ago (2 children)
[–] Norgur@kbin.social 6 points 10 months ago (1 children)
[–] ikidd@lemmy.world 4 points 10 months ago (4 children)

I self-host, but I still pay for their premium because it's a damn good product I want to see kept maintained for years to come.

I mean, cmon, it's $10. Almost cheaper than a banana.

[–] AbidanYre@lemmy.world 3 points 10 months ago (1 children)
[–] ikidd@lemmy.world 2 points 10 months ago

Glad someone caught that.

load more comments (3 replies)
[–] rambaroo@lemmy.world 1 points 10 months ago* (last edited 10 months ago)
[–] bdonvr@thelemmy.club 4 points 10 months ago

Yeah, I already run Vaultwarden. But like others I don't really want to combine my tokens and passwords.

[–] jlh@lemmy.jlh.name 3 points 10 months ago (1 children)

I just use FreeOTP+ on my phone. It's a fork of a Red Hat authenticator, and completely open source and available on F-Droid.

No sync, but you can export the TOTP secrets if you want to back them up/move them.

[–] JustUseMint@lemmy.world 3 points 10 months ago

Thanks was looking for something like this

[–] stardreamer@lemmy.blahaj.zone 1 points 10 months ago* (last edited 10 months ago)

Bitwarden has TOTP support with a pro license. Or you can just selfhost (using vaultwarden) and have all the features instead.

[–] DLSantini@lemmy.ml 2 points 10 months ago* (last edited 10 months ago)

I didn't even realize they had a desktop app. I've been using the mobile app for a few years. I was just thinking about installing the mobile app in my WSA install, since it just didn't even occur to me that there was a desktop version. I guess now it doesn't matter either way.

load more comments
view more: next ›