One more step to unhitching from Google…
Right now the only option I see in F-Droid is Aegis.
I’m not sure what to actually look for side from checking for unexpected permissions and reasonably frequent updates.
Hopefully something I can sync with a GNOME app…
You must log in or # to comment.
I use Aegis, it works well
I like Aegis.
Bitwarden. I don’t self host it, though. $10 a year for password management and 2FA is fine by me.
As I’ve seen gaming server subscriptions go from £36/y to £23/m (Xbox) in a few years, and cloud CCTV storage from £40/y to £16/m (Google via acquisition of Nest) in a few months, I say we count our stars when a subscription cost remains fair.
I’m on the same plan, I do plan to self host it though as a backup only.
Same. Self hosting it sounds nice, and I self host a handful of services, but I don’t want to be stuck without passwords in another country with a dead server at home because a power cut happened at some point.
I use Aegis on my phone.
Aegis ♥️
Bitwarden
I’m a little concerned about having OTP and passwords together in one system.
OTP is on my phone, Bitwarden is on my computer. I don’t use the OTP in Bitwarden.
This is the way. I use Bitwarden and Aegis.
The issue here is putting Bitwarden on your phone with OTP in Bitwarden.
On the phone, I use Authy, More eggs - more baskets.
Yah, I can’t see a point to have another app/extension when Bitwarden has it built in, and it’s a great password manager.
Wait, it does? Including in the mobile app? I don’t see it.
Right under Password in the edit screen of an item: Authenticator Key. You put in the auth key the target site provides you when you enable TOTP and it will start generating timed tokens. Usually you’ll also get a one-time pad of backup keys, I usually toss those in the Notes of the edit screen there as well in case something goes wrong.
The browser extension also lets you scan the page for QR codes for the TOTP key.
The point of 2FA is “something you have” and “something you know” to enter a secured system.
If you put both of those into one system that is accessible by one password, the whole concept is defeated.
My threat model isn’t having someone take my computer and log into stuff so my concern when using 2FA is more about them having gotten hold of a password remotely. But a TOTP makes that password pretty hard to use, no matter where it’s stored. And my BW is also protected by a Yubi/password combo, so I guess I’m just vulnerable to having that beaten out of me.
The other issue with this - If you lose access to that one system, you’re SOL. It’s a single point of failure.
That I could accept as a good reason.
But if they get your Bitwarden vault and crack it - they have everything Throw a roadblock in their way - use a separate app for OTP.
Bitwarden
Aegis
Bitwarden Authenticator because Bitwarden seems to have a good reputation. I don’t use their password manager, though.
It does seem faintly insecure that it displays all of the codes at once on one page, but I’m having trouble imagining a scenario where it’s actually a problem.Yubikey. I dont want to trust my phone, so I use some separate hardware instead
Enteauth
2FAS Authentication
Ente
Proton Authenticator. Has both Desktop and Mobile apps. Free. Don’t have to sync to Proton.
Do they have a Linux client for the desktop?
deb, rpm and aur-bin
Thanks for the speedy reply. On LMDE so Debian it is.
They have no Linux Drive desktop client, so that was pleasent suprise.
I use Aegis, automatically backed up every time a new key is added. Was using Authy for a while, but they’re going down the enshittification hole, so I dumped them.
Vaultwardwn/bitwarden + a yubikey for bitwarden itself and a few others
