Hey!
I am looking for a 2FA solution that can be easily accessed between devices,
(For example - when I add an OTP code on Android it will appear on PC)
I have been using a password manager, and I recently bought some hardware keys,
I know there is an option to add OTP to my password manager, but I don't think it's safe enough…
I want to be able to separate my passwords from the OTP codes for added security.
Do you have any program recommendations for my scenario?
I don’t see why people try to present more attack surface by putting their OTP secrets on 2 different devices and 2 different platforms. As I said before, installing your password manager on every device you wish to sign in from makes sense since typing long randomly generated passwords time and again isn’t exactly fun… but TOTPs are 6 digits long usually, just read them from your phone and type them manually. There’s no good reason why you’d have them on more than one device.
Of course you should keep an ENCRYPTED backup of your codes on your computer or external hard drive or whatever, but that’s different.
Edit: what you’re describing is also less secure. The kind of syncing you’re talking about means sending your secrets to a 3rd party server that you’d need to trust. The best TOTP apps are 100% offline and don’t require internet access to work.
Both TOTP and HOTP are supported by YubiKeys and can be used for secure authentication. You do need to install an app for it though. They also had a thing called YubiOTP but I haven't seen that in the wild before.
Totally agree with you,
I am just trying to find a convenient and yet safe way that I could log in from my PC and Android.
What do you recommend I use if I own hardware keys, should I switch completely to hardware key login (for example using a YubiKey) from TOTP authenticator methods?
I mean that is kind of the whole point (in my eyes) of the security key being a "something you have" form of authentication. Yes, I would recommend moving to hardware keys, you do have two of them, correct? If so, make sure to copy down the seed so you can put it in the second key! Here is the link to the Windows download for Yubico Authenticator
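An added example, not part of the thread and not Yubico's code, showing why the seed has to be copied at enrollment: a TOTP code (RFC 6238) is derived only from the seed and the current time, so every key loaded with the same seed shows the same code, and anyone who obtains the seed can do the same. The seed below is the published RFC 6238 test secret; the function names are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: base32 of the RFC 6238 SHA-1 test secret "12345678901234567890".
RFC_TEST_SEED = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(seed_b32, unix_time, step=30, digits=6):
    """Compute the RFC 6238 TOTP (HMAC-SHA1) for a base32 seed at a given time."""
    cleaned = seed_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)          # restore stripped base32 padding
    key = base64.b32decode(cleaned)
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def keys_agree(seeds, unix_time):
    """True if every device seed yields the same code at this instant."""
    return len({totp(s, unix_time) for s in seeds}) == 1


def verify(seed_b32, submitted, now, window=1, step=30):
    """Server-side check: accept codes from +/- `window` time steps of clock drift."""
    for drift in range(-window, window + 1):
        expected = totp(seed_b32, now + drift * step, step)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


if __name__ == "__main__":
    t = 59
    # Two hardware keys provisioned from the same copied seed.
    print("key A:", totp(RFC_TEST_SEED, t), "key B:", totp(RFC_TEST_SEED, t))
    print("keys agree:", keys_agree([RFC_TEST_SEED, RFC_TEST_SEED], t))
    print("code still valid 2s later:", verify(RFC_TEST_SEED, totp(RFC_TEST_SEED, t), 61))
```

Because the seed is the whole secret, a written or exported copy deserves the same protection as the key itself.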
I have 2 YubiKey 5 Nano and 1 YubiKey 5C Nano.
I tried to use the Yubico Authenticator, but it's really not what I am looking for,
you need to add manually every new code all over again, in 3 of my keys…
Good security sometimes does not always equate to ease of use. I’m willing to deal with the inconvenience to have the better security. Sorry I couldn’t help you further.
You might consider whether the free and open source authenticator app 2FAS might suit your needs. Android and iOS apps are available, and while a desktop app is not available, you can install a browser extension and sync tokens via your mobile app.
My primary concern with Authy is lock-in. That is, it doesn’t allow one to export one’s security tokens so that they can be imported into a different authenticator app. However, Authy does offer the features that the original poster asked for.