• Monomate@lemm.ee
    link
    fedilink
    English
    arrow-up
    22
    arrow-down
    1
    ·
    10 months ago

    That’s an awful decision by Twilo. I deliberately only install Authy on my Desktop computers because they’re always at home and cannot be easily stolen/lost like my phone.

  • whyNotSquirrel@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    19
    ·
    edit-2
    9 months ago

    Good thing I made the switch to 2FAS

    You still need my(edit: I need mine, but you can use yours) phone but with the Firefox add-on you just need to accept the pushed notification for it to autocomplete the code

    And it’s opensource

    • Bangs42@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      10 months ago

      Thanks for the recommendation. Started working on migrating all of my 2FA over from Authy. The process sucks (that’s not the fault of 2FAS), but I really like 2FAS as an app so far.

    • FlumPHP@programming.dev
      link
      fedilink
      English
      arrow-up
      2
      ·
      10 months ago

      I can’t tell from their page – is it syncing via a SaaS service or just out to a file store like Google Drive?

  • dantheclamman@lemmy.world
    link
    fedilink
    English
    arrow-up
    16
    ·
    edit-2
    10 months ago

    Twilio is under a lot of pressure from shareholders eager for more profit (CEO was just pushed out), so I figure this is just the start of a long wave of enshittification. I switched to Authenticator Pro (Android), which is much better in every way. Can backup between devices, has WearOS support, and a proper dark mode. I’d use bitwarden, but I hesitate to keep my TOTP keys in same place as my passwords

  • LWD@lemm.ee
    link
    fedilink
    English
    arrow-up
    15
    ·
    10 months ago

    Funny way to announce something, by putting it somewhere that most users won’t see it.

  • Pika@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    1
    ·
    10 months ago

    well I’m now in the market for a new MFA app, anyone have any recommendations? Preferably one with a desktop alternative.

    • Bangs42@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      ·
      10 months ago

      I’ve started migrating all of my 2FA over to 2FAS. No desktop app per se, but it does have extensions for all major browsers, and apps for iOS and Android. You control the syncing of the 2FA (either automatically via Google Drive or via manual bulk exports to a local file), no SaaS bullshit.

      • Pika@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        10 months ago

        I think this was what I was planning on switching to when my current password manager subscription ran out anyway, and coincidentally I think it’s going to run out around the same time so this might be the alternative I try. I didn’t realize that you were able to use one time use codes via it

  • mlaga97@lemmy.mlaga97.space
    link
    fedilink
    English
    arrow-up
    8
    ·
    edit-2
    10 months ago

    Plugging pass/Password Store/Android Password Store for anyone wanting a good wrapper around git+pgp for desktop/Android using a YubiKey or similar hardware security key. It has pretty good OTP support built-in.

  • NarrativeBear@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    10 months ago

    Aegis is a good alternative. Took a while to do the transfer as they don’t allow export of the tokens.

      • stealth_cookies@lemmy.ca
        link
        fedilink
        English
        arrow-up
        13
        ·
        10 months ago

        It is a bad idea to have your password manager and 2FA be the same app though. You want to spread it around so one attack can’t break your logins.

        • Norgur@kbin.social
          link
          fedilink
          arrow-up
          1
          ·
          10 months ago

          While that is true, the risk of someone brute forcing into an account of mine on the login side than on mine. That’s what I use 2FA against. If they managed to break into my vault, they’d have broken into my Mailserver and whatnot, so…

        • BearOfaTime@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          10 months ago

          Good point.

          Is it realistic (i.e. is it secure enough) to self-host 2 Bitwarden, one for passwords, one for authentication?

          Or would splitting that between 2 Bitwarden logins work?

          I just throwing stuff at the wall, I haven’t thought either of these through yet.

      • bdonvr@thelemmy.club
        link
        fedilink
        English
        arrow-up
        4
        ·
        10 months ago

        Yeah, I already run Vaultwarden. But like others I don’t really want to combine my tokens and passwords.

    • Justin@lemmy.jlh.name
      link
      fedilink
      English
      arrow-up
      3
      ·
      10 months ago

      I just use FreeOTP+ on my phone. It’s a fork of a Red Hat authenticator, and completely open source and available on F-Droid.

      No sync, but you can export the TOTP secrets if you want to back them up/move them.

    • StarDreamer@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      10 months ago

      Bitwarden has TOTP support with a pro license. Or you can just selfhost (using vaultwarden) and have all the features instead.

  • DLSantini@lemmy.ml
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    10 months ago

    I didn’t even realize they had a desktop app. I’ve been using the mobile app for a few years. I was just thinking about installing the mobile app in my WSA install, since it just didn’t even occur to me that there was a desktop version. I guess now it doesn’t matter either way.

  • _edge@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    1
    ·
    10 months ago

    OK. Can someone please help me how to export?

    I have Authy 2.4.2 on Linux desktop (too recent for the --remote-debugging-port option used here to work) and Authy 24.13.6 on Android.

    I use mostly the Android version, but sync to the Desktop / Chrome App was a nice backup. If they discontinue this I’m not sure what’s next and would prefer some Android app where I can access the backup. I have Bitwarden Pro if this helps, but my first concern is to get the tokens out of Authy.