Hi. I just discovered this forum recently and need some advice.
I recently switched over to 2FAS (iOS) to manage my sensitive TOTPs. I selected it because:
it is FOSS,
only collects diagnostic data (not linked to the user),
and has an intuitive UI.
One shortfall is that its iCloud backups are not encrypted. Some people indicate that they use Apple’s Advanced Data Protection on their iCloud for additional protection, but it’s not clear to me if this is sufficient.
So I was wondering if the following backup strategy would be more secure?
It consists of creating an encrypted (256-bit AES) sparsebundle disk image in my Proton Drive folder on my Mac and storing my 2FAS local export backup file in the sparsebundle image, which is synced with my Proton Drive.
I ran a test with dummy content and was able to download the sparsebundle from Proton Drive with the browser interface and access its content.
This approach is quite manual compared to automatic iCloud backups, but I’m only using it for my most sensitive accounts.
The Techlore resources page lists Ente Auth as a recommended iOS TOTP 2FA app. I would have considered using it, but the App Store privacy details indicate that it may collect: contact info, user content and identifiers linked to the user.
I considered using Veracrypt, but did not feel comfortable installing OSXFUSE on my Mac.
I would really appreciate any insight you may have to offer.
Just be sure you have access to your backup without having access to your password manager, as I’m assuming your password manager is secured with TOTP via 2FAS.
So you need to both be able to get access to and decrypt your backup, which will then let you into your password manager along with your master password, which will then let you into your other accounts.
I’m not a mac user, but if you’re manually encrypting your backups before storing them (and you have a good way to remember/store the keys to decrypt it), that’s a solid offsite backup.
Along with this, you should probably have an onsite backup as well. Choose your storage medium well.
USB drives: Avoid. Not super leakproof.
M-disc: for a single write, but they last 30 years. Good for super long term stuff
SD cards: A single write should last a few years, so not a bad backup method. Limited write cycles, so don’t reuse it too much.
HDD: if you’ll be rewriting/accessing this backup super often. In this case, use another medium as well to make longer term backups.
Your method would probably do. Run through scenarios to restore to make sure you have all the pieces you need.
More general advice would be 3-2-1:
3 copies on
2 different types of media and
1 in the cloud in another timezone/continent.
For encryption of the file, you could probably do something like storing the backup file as an attachment in a Keepass entry that is encrypted with a word you can remember. That’d do, and work out on any platform where you could find a keepass app to open it. Possibilities!
You’ve made me realize that in the event that all my devices and onsite backups (HDD & paper) are unavailable, my Proton master password needs to be “memorable” so that I can access my backups stored on Proton Drive. But I still wouldn’t be able to access my Proton account without its TOTP (which I can’t realistically memorize). I would most likely have to store the Proton TOTP secret somewhere offsite to close the loop.
The more I think about this the more I realize how complicated it can be.
Since I’m on Android I use Aegis for my TOTP; what I did for it was that I created local and cloud backups (in Proton Drive), and I wrote down my Aegis password and keep it safe; this helps in case I need my TOTP backup to log in to Bitwarden. I also use security keys, so I can use them as 2FA for Bitwarden, then log in to Proton Drive with Bitwarden and the security key, and then download my Aegis backup as well. My one failure is not having adequate 2FA backups off-site for logging into Bitwarden. I’m still working through that personally.
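The loop the last few posts describe (the TOTP backup sits behind an account that itself needs a TOTP code) is easy to check mechanically: model every credential as "obtainable once you hold these prerequisites", start from what survives the loss of all devices, and compute what you can still reach. This is an added example, not code from the thread or from 2FAS, Aegis, Proton or Bitwarden; the credential names, the dependency map and the two loss scenarios are constructed assumptions that mirror the setup described above.

```python
"""
Recovery-chain check: after losing every device, can the backup chain
bootstrap itself from what you still hold, or does it depend on itself?

Constructed example. The names below are assumptions modelled on the thread
(2FAS export kept in an encrypted image on Proton Drive, password manager
protected by a TOTP that lives in 2FAS); they are not anyone's real setup.
"""

# Each key is something you can obtain. Its value is a list of alternatives;
# any ONE alternative (a set of things you already hold) is enough to get it.
# Names with no entry are primitives: memorized, kept on paper, on a device,
# or simply gone.
RECOVERY_GRAPH = {
    "proton_account": [{"proton_password", "proton_totp"}],
    # A Proton TOTP code comes from the live app, a restored app, or a
    # written-down secret.
    "proton_totp": [
        {"2fas_app_on_phone"},
        {"2fas_restored"},
        {"proton_totp_secret_on_paper"},
    ],
    # The export file is in the Proton Drive image or on the onsite disk.
    "2fas_backup_file": [
        {"proton_account", "sparsebundle_password"},
        {"onsite_hdd"},
    ],
    "2fas_restored": [{"2fas_backup_file"}],
    "bitwarden_totp": [{"2fas_app_on_phone"}, {"2fas_restored"}],
    "bitwarden_vault": [{"bitwarden_master_password", "bitwarden_totp"}],
}

# What can be memorized and therefore survives losing everything physical.
MEMORIZED = {"proton_password", "sparsebundle_password",
             "bitwarden_master_password"}


def reachable(graph, held):
    """Least fixpoint: keep adding any item whose prerequisites are all held."""
    have = set(held)
    changed = True
    while changed:
        changed = False
        for item, alternatives in graph.items():
            if item not in have and any(alt <= have for alt in alternatives):
                have.add(item)
                changed = True
    return have


def unreachable(graph, held):
    """Goals in the graph that can never be obtained starting from `held`."""
    return set(graph) - reachable(graph, held)


def blockers(graph, held, goal):
    """
    For an unreachable goal, list the missing primitives along every
    alternative, and flag any alternative that leads back to an item already
    on the current chain (the self-dependency the thread noticed).
    """
    have = reachable(graph, held)
    missing = set()

    def walk(item, path):
        if item in have:
            return
        if item not in graph:            # a primitive you do not hold
            missing.add(item)
            return
        if item in path:                 # item (transitively) needs itself
            missing.add(f"CYCLE via {item}")
            return
        for alt in graph[item]:
            for dep in alt:
                walk(dep, path | {item})

    walk(goal, frozenset())
    return missing


def scenario_all_devices_lost():
    """Phone, Mac and onsite HDD gone; only memorized secrets remain."""
    return unreachable(RECOVERY_GRAPH, MEMORIZED)


def scenario_totp_secret_on_paper():
    """Same loss, but the Proton TOTP secret was also stored offsite on paper."""
    return unreachable(RECOVERY_GRAPH,
                       MEMORIZED | {"proton_totp_secret_on_paper"})


if __name__ == "__main__":
    print("all devices lost, unreachable:",
          sorted(scenario_all_devices_lost()))
    print("why bitwarden_vault is blocked:",
          sorted(blockers(RECOVERY_GRAPH, MEMORIZED, "bitwarden_vault")))
    print("with TOTP secret on paper offsite, unreachable:",
          sorted(scenario_totp_secret_on_paper()))
```

The first scenario reaches nothing at all: the Proton account needs a TOTP, the only surviving TOTP source is the backup, and the backup is inside the Proton account. Adding a single offsite primitive (the Proton TOTP secret on paper, or equally a written-down recovery code) breaks the cycle and every other account becomes reachable. Running this kind of restore drill on paper before it is needed is what the "run through scenarios" advice above amounts to.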
You really shouldn’t make definitive decisions about which privacy products to use based on this information alone. In this case, it has distracted you from paying more attention to the critical vulnerability that exists in 2FAS by design, which is why Techlore and Privacy Guides don’t recommend 2FAS. You should read the full privacy policy if this is an aspect that concerns you.
In the case of Ente, they mention contact information because you can optionally register for their service with your email address or send them support requests. They also mention user content because that is what they store when you create an Ente account and store your TOTP codes end-to-end encrypted on their servers. Identifiers include “information about your internet connection, IP address and user agent details.”
Now, if we look at 2FAS, they collect your device-related identifiers: “Device ID (including brand, model, unique ID, operating system info, and storage state).” They also state that they use Google Analytics for their analytics, but I haven’t been able to confirm that. However, their application connects to several Google domains, and even turning off analytics didn’t stop them all.
As we can see, the conclusion should be different if you pay attention to the relevant stuff, and read the actual privacy policy if needed.
I’ll just comment with a simpler and in my opinion a superior solution:
Use Ente Auth. It should tick everyone’s boxes unless you have peculiar needs.
Edit: I just read the rest of your post.
I mean, if your threat model is that high - then do what you need to do to ensure the privacy and security you want. But really, Ente is great and works well. I don’t think you should be concerned about whatever it is keeping you from using Ente Auth.