• Monomate@lemm.ee
    link
    fedilink
    English
    arrow-up
    24
    ·
    10 months ago

    That’s an awful decision by Twilo. I deliberately only install Authy on my Desktop computers because they’re always at home and cannot be easily stolen/lost like my phone.

  • LWD@lemm.ee
    link
    fedilink
    English
    arrow-up
    17
    ·
    10 months ago

    Funny way to announce something, by putting it somewhere that most users won’t see it.

  • dantheclamman@lemmy.world
    link
    fedilink
    English
    arrow-up
    17
    ·
    edit-2
    10 months ago

    Twilio is under a lot of pressure from shareholders eager for more profit (CEO was just pushed out), so I figure this is just the start of a long wave of enshittification. I switched to Authenticator Pro (Android), which is much better in every way. Can backup between devices, has WearOS support, and a proper dark mode. I’d use bitwarden, but I hesitate to keep my TOTP keys in same place as my passwords

  • whyNotSquirrel@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    19
    arrow-down
    2
    ·
    edit-2
    9 months ago

    Good thing I made the switch to 2FAS

    You still need my(edit: I need mine, but you can use yours) phone but with the Firefox add-on you just need to accept the pushed notification for it to autocomplete the code

    And it’s opensource

    • Bangs42@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      10 months ago

      Thanks for the recommendation. Started working on migrating all of my 2FA over from Authy. The process sucks (that’s not the fault of 2FAS), but I really like 2FAS as an app so far.

    • FlumPHP@programming.dev
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      10 months ago

      I can’t tell from their page – is it syncing via a SaaS service or just out to a file store like Google Drive?

      Edit: It does sync with Google Drive and file exports. No SaaS component that I can see.

  • Pika@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    1
    ·
    10 months ago

    well I’m now in the market for a new MFA app, anyone have any recommendations? Preferably one with a desktop alternative.

    • Bangs42@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      ·
      10 months ago

      I’ve started migrating all of my 2FA over to 2FAS. No desktop app per se, but it does have extensions for all major browsers, and apps for iOS and Android. You control the syncing of the 2FA (either automatically via Google Drive or via manual bulk exports to a local file), no SaaS bullshit.

      • Pika@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        10 months ago

        I think this was what I was planning on switching to when my current password manager subscription ran out anyway, and coincidentally I think it’s going to run out around the same time so this might be the alternative I try. I didn’t realize that you were able to use one time use codes via it

  • mlaga97@lemmy.mlaga97.space
    link
    fedilink
    English
    arrow-up
    8
    ·
    edit-2
    10 months ago

    Plugging pass/Password Store/Android Password Store for anyone wanting a good wrapper around git+pgp for desktop/Android using a YubiKey or similar hardware security key. It has pretty good OTP support built-in.

  • NarrativeBear@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    10 months ago

    Aegis is a good alternative. Took a while to do the transfer as they don’t allow export of the tokens.

      • stealth_cookies@lemmy.ca
        link
        fedilink
        English
        arrow-up
        13
        ·
        10 months ago

        It is a bad idea to have your password manager and 2FA be the same app though. You want to spread it around so one attack can’t break your logins.

        • Norgur@kbin.social
          link
          fedilink
          arrow-up
          1
          ·
          10 months ago

          While that is true, the risk of someone brute forcing into an account of mine on the login side than on mine. That’s what I use 2FA against. If they managed to break into my vault, they’d have broken into my Mailserver and whatnot, so…

        • BearOfaTime@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          10 months ago

          Good point.

          Is it realistic (i.e. is it secure enough) to self-host 2 Bitwarden, one for passwords, one for authentication?

          Or would splitting that between 2 Bitwarden logins work?

          I just throwing stuff at the wall, I haven’t thought either of these through yet.

          • Norgur@kbin.social
            link
            fedilink
            arrow-up
            15
            ·
            10 months ago

            Given that the comment was a demand for self hostable Authy, I think they might wanna :P

            • LWD@lemm.ee
              link
              fedilink
              English
              arrow-up
              3
              ·
              10 months ago

              Vaultwarden is among the easiest things to self host, too. If you want to go about it, it’s a good choice.

          • CosmicTurtle@lemmy.world
            link
            fedilink
            English
            arrow-up
            7
            ·
            10 months ago

            Which is damn near cheap compared to other companies. I personally use dashlane (I know I know I should self host but I don’t trust myself for something as important as passwords) and that’s $60 for their premium package.

          • reev@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            6
            ·
            10 months ago

            I love my bitwarden but is it less secure to have all your eggs in one basket? That’s the main reason I’ve been using separate apps so far.

            • methodicalaspect@midwest.social
              link
              fedilink
              English
              arrow-up
              1
              ·
              10 months ago

              It may very well be, especially if the basket your eggs are in is full of holes. I always figure, as long as it isn’t a pad of paper on a desk, or a company that regularly makes headlines due to security breaches, I should be okay.

          • rambaroo@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            1
            ·
            10 months ago

            Cool, I might check it out then. I knew I’d have to move off of authy eventually.

            • ikidd@lemmy.world
              link
              fedilink
              English
              arrow-up
              4
              ·
              10 months ago

              I self-host, but I still pay for their premium because it’s a damn good product I want to see kept maintained for years to come.

              I mean, cmon, it’s $10. Almost cheaper than a banana.

              • BearOfaTime@lemm.ee
                link
                fedilink
                English
                arrow-up
                1
                ·
                10 months ago

                That’s a good point.

                I’m not paying currently because I don’t use their online service.

                Adding them to my “Annual Donate to Software I find Useful” list, that I just started this year.

                I despise subscriptions. For apps that have a hosted portion, I understand them, but I’d still rather pay annually.

                • ikidd@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  10 months ago

                  It’s $10 annually in case you thought it was monthly. I’d imagine if you went in and subbed, then cancelled the sub, you’d still have your year you paid for. But yah, I’d like an option to not auto-renew, even though I do.

      • bdonvr@thelemmy.club
        link
        fedilink
        English
        arrow-up
        4
        ·
        10 months ago

        Yeah, I already run Vaultwarden. But like others I don’t really want to combine my tokens and passwords.

    • Justin@lemmy.jlh.name
      link
      fedilink
      English
      arrow-up
      4
      ·
      10 months ago

      I just use FreeOTP+ on my phone. It’s a fork of a Red Hat authenticator, and completely open source and available on F-Droid.

      No sync, but you can export the TOTP secrets if you want to back them up/move them.

    • StarDreamer@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      10 months ago

      Bitwarden has TOTP support with a pro license. Or you can just selfhost (using vaultwarden) and have all the features instead.

  • DLSantini@lemmy.ml
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    10 months ago

    I didn’t even realize they had a desktop app. I’ve been using the mobile app for a few years. I was just thinking about installing the mobile app in my WSA install, since it just didn’t even occur to me that there was a desktop version. I guess now it doesn’t matter either way.

  • _edge@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    1
    ·
    10 months ago

    OK. Can someone please help me how to export?

    I have Authy 2.4.2 on Linux desktop (too recent for the --remote-debugging-port option used here to work) and Authy 24.13.6 on Android.

    I use mostly the Android version, but sync to the Desktop / Chrome App was a nice backup. If they discontinue this I’m not sure what’s next and would prefer some Android app where I can access the backup. I have Bitwarden Pro if this helps, but my first concern is to get the tokens out of Authy.