It’s a debated issue but personally I don’t recommend it. There’s also the option of keeping your TOTP seeds on Bitwarden and having it generate your codes (premium account required). Bitwarden Open Source Password Manager Review and Why We Moved From LastPass Lawrence Systems 236K views 3 years ago Best Password Managers of 2021: Top 3 Picks Login Lockdown 15K views 2 years. It’s not a bad option though and my next choice after Authy. Microsoft Authenticator isn't bad but I've got some concerns over privacy and security behind Microsoft in general. Some say it has changed now, but don't take the chance when there are so many alternatives out there that have been great for years. It has a bad history of locking you out completely if you lose your device ( 1, 2, 3). Whatever you do though, do not use Google Authenticator. There is a github workaround for being able to export your Authy TOTP seeds but it takes a few steps. You'll find lots of options out there, but unfortunately nothing that is open source, cross-platform, and lets you export seeds. The free version of Bitwarden gets the basics right and doesn’t cost a thing, but it lacks a few features that make 1Password such a standout option, such as password checkups and 1 GB of. OTP Auth - iOS only, lets you export TOTP seeds. This is my top suggestion for most people.Īegis - Android only, lets you export TOTP seeds. No authenticator does everything though which really sucks.Īuthy - Cross platform, backs up to the cloud, great support. But it makes brute-forcing a bit easier, though if the password is long enough and has different characters, it would still take a billion years to guess. My suggestion moving forward with an authenticator is no matter what program you choose, make sure you've got a way to have a plaintext version of all of your TOTP seeds. If not, then they could probably save which positions to ask and the corresponding characters on creating the account (e.g., positions 135, characters aef) and keep the password hashed. In the past few weeks we’ve seen a lot of users post devastating threads about being locked out of all of their Google Authenticator 2FA backed accounts once they reset/lost their phone. This video hits the main points very well as to why you shouldn’t use Google Authenticator.
0 Comments
Leave a Reply. |