2FA TOTP app questions for better security

Hi All!

I have some questions to improve my 2FA TOTP use. I know one of the best solutions for 2FA TOTP is using Yubikey, but it only supports 32 seeds and I have way more than that. So I could use my top 32 apps with Yubikey and the other apps outside Yubikey TOTP. I have seen that Raivo (I own an iOS device) and Aegis are highly recommended.

  1. Both Raivo and Aegis allow you to use a password to access the app. Is that enough in case my phone is stolen?

  2. Is it ok to activate face recognition for login or, from a security perspective, is it better to keep the password because it is easier to break face recognition than a password?

  3. Would it make sense to have a 2FA TOTP app that, to allow you to access the app, requires you to authenticate using Yubikey hardware? So in this case, the Yubikey is not used for TOTP, just to log in to the TOTP app, and I understand this would be a strong solution with no 32-seed cap.

Thanks!!

Once Yubikey TOTP only accepts 32 TOTP seeds I thought about using a 2FA TOTP app that uses Yubikey Key for Login, instead of face recognition or just a password I was trying to find the “best” 2FA TOTP app for
What do you want advice about?

What have you considered or looked at already?

In brief, tell us about your privacy threat model?


Hello there! Welcome to the forum :tada:

Now I will respond to your questions one by one:

Yeah, IMO it is enough. I recommend you do backups, though. Aegis has the capability of doing encrypted backups; put it on an SD card or on cloud storage that is encrypted or not, we don’t care since what you uploaded is an encrypted file after all. I don’t use Raivo since I don’t have any Apple devices, so I don’t know if it can do these encrypted backups.

Yes, use a password, ideally a pass-phrase as it is easy to remember and difficult to crack it.

Maybe, but I am not aware of any app having this capability. I am only aware of the Yubico Authenticator, so you can still use TOTP for services that don’t support U2F, aka hardware keys. It requires you to use your Yubikey to access your seeds.


Hope this helps! :grinning:

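An added illustration (not code from Aegis, Raivo or this thread) of the two points in the answer above and the password advice that follows: a stored TOTP seed is just an HMAC key that yields the codes, so the seed list must be encrypted under a passphrase-stretched key before it is copied to an SD card or cloud storage, and a wrong passphrase or a tampered file must be rejected. It assumes only the Python standard library; the HMAC-based stream cipher stands in for the AES-GCM a real vault format would use, and the `example.org` seed is the RFC 6238 test value.

```python
import hashlib
import hmac
import json
import os
import struct

def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226, HMAC-SHA1) over the current time step."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)

def _keys(passphrase: str, salt: bytes) -> tuple:
    # scrypt stretches the passphrase so someone holding the vault file faces a slow brute force
    key = hashlib.scrypt(passphrase.encode(), salt=salt, n=2 ** 14, r=8, p=1, dklen=64)
    return key[:32], key[32:]

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a stdlib-only PRF stream (illustrative stand-in for AES-GCM)
    blocks = [hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def lock_vault(seeds: dict, passphrase: str) -> bytes:
    """Encrypt-then-MAC the seed list; the resulting blob is what gets backed up."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(passphrase, salt)
    plain = json.dumps({name: s.hex() for name, s in seeds.items()}).encode()
    ct = bytes(p ^ k for p, k in zip(plain, _keystream(enc_key, nonce, len(plain))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def unlock_vault(blob: bytes, passphrase: str) -> dict:
    """Verify the tag first: a wrong passphrase or a modified file is rejected before decrypting."""
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or tampered vault")
    plain = bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return {name: bytes.fromhex(h) for name, h in json.loads(plain).items()}
```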

TOTP isn’t the same as yubikey, they’re 2 different 2fa methods.

Aegis is my favorite app for TOTP, and yes a password is sufficient so long as it’s not easily predictable. I’d use a randomly generated password, at least 30 characters long, and store it in your password vault.

Facial unlock, outside of Apple’s Face ID, is for convenience, not security. Most of the time it could be unlocked using a photo of your face, which anyone who knows you could get from FB. If your phone has an ultrasonic fingerprint sensor, that would be a much more robust biometric unlock method (comparable to or slightly better than Face ID).


Maybe I misunderstood, but they’re talking about using the Yubico app for TOTP, but where you have to plug in your yubikey to get access to your codes
