I’ve always been of the mindset that storing your 2fa next to your passwords at least partially defeats the purpose of 2fa.
The two types of attacks I worry about would be a hacked/leaked password from a third party site, or your password manager being compromised. While the latter is far less likely, it is still something I’d like to protect myself from as much as possible.
If my password manager is compromised, I’m well and truly fucked. If one site has shitty security (odds of which are approximately 1), having 2FA might help.
Las time I checked those that require a Microsoft or other propietary authenticator app that isn’t Google’s. They would force you to first use that propietary app and later export to Aegis. Correct me if I’m wrong, of course.
Just checked, you’re right about Google. Microsoft does allow you to use any app though. It’s funny that the “EEE” Microsoft is less anti-user than the “Don’t be evil” Google. But anyway, seeing how Google locks it down, I’m sure there must be others too. So you’re right
I was referring to other services requiring specific propietary authenticator apps. Many sites will be compatible with Aegis even if they don’t mention apps other than their own in their step-by-step guide. Have you tried? If it isn’t compatible through scan or manual code input the 2FA setup simply won’t finish.
I recommend KeePass and I encourage everyone to consider it given its platform-agnostic portable format. What happened to Raivo cannot happen to KeePass and its more of a universal solution as opposed to 1) Android: Aegis 2) iOS: Tofu or OTP etc.
All of those are very good apps but the problem remains that they all have their own peculiar/specific format that doesn’t necessarily play nice with any other app. KeePass is a convention/format that doesn’t really vary between implementations.
Edit: It also allows for choice in whether to keep it local or to safey sync in your choice of cloud service without exposing the contents unencrypted. If you don’t want to manage any of that, I would recommend Bitwarden and paying the $10 once and see if you’re still fine the next year without having to resubscribe if thats a problem for you.
The problem here would be storing your passwords along with your 2fa. You’re basically giving away every information needed to enter your accounts in case someone get access to your vault.
The best option would probably be using both KeePass and BitWarden. You store your passwords in one and your 2fa in the other.
Add comment