I’m trying to move away from Authy since they’re ending support for their desktop app, and I thought Aegis would be the right app for me to jump to, but it doesn’t seem to have a desktop app. So I’m wondering what FOSS apps the rest of you use for Desktop and Mobile 2FA?

  • mholiv@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    4
    ·
    9 months ago

    Slightly off topic but desktop 2FA apps kind of kill the point of 2FA.

    2FA protects you by ensuring that even if your computer is compromised your account will have a layer of protection in that second factor “aka something you have”.

    If you have that on your desktop, you might as well not have it.

    If you find 2FA off of your desktop annoying I recommend looking into passkeys. Open standard and less annoying. Just not well supported.

    • ebits21
      link
      fedilink
      English
      arrow-up
      5
      ·
      9 months ago

      Passkey is on your device though?

      It doesn’t kill the point of 2fa. It’s something you have… you have your device. If you didn’t you wouldn’t have the TOTP code.

      The something you know (password) is much more likely to be breached and stolen. That is what isn’t tied to your device. You probably want the second factor to be linked to just the devices you have.

      • mholiv@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        9 months ago

        Edit: I was wrong and mixed up passkeys with something else. Passkeys I think are still better than desktop totp apps because at least they work with secure hardware on the platform.

        • ebits21
          link
          fedilink
          English
          arrow-up
          1
          ·
          9 months ago

          That’s not what passkeys are in many implementations. Look up Google/microsoft/apple passkeys. That’s what people mean when they say passkeys.

          You’re thinking of a device like a Yubikey, which is a great device.

          • mholiv@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            9 months ago

            You’re right. Yah. Still at least those use “secure element” equivalents at least.

    • KrapKake@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      9 months ago

      I’ve seen people say this, but what makes your phone so much safer than your computer?

      • mholiv@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        9 months ago

        It’s the second factor that adds security. Aka “something you have”.

        If you use totp on your phone to log into an app on your phone yah it’s true it’s not much more secure (although I would argue app isolation does make it more secure) but using your phone to provide totp for your desktop proves that second factor.

      • mholiv@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        3
        ·
        9 months ago

        Modern smart phones were architected from the beginning to have app isolation. That makes the difference.

        Your phone runs by default like a Linux system with selinux in mls mode with 100% coverage mls isolation policies baked in. That’s just a more secure foundation to build on. No Linux distro today has selinux in mls mode with 100% binary coverage with isolation policies.

        Using your phone is a good safe compromise. Unless you are running Qubes OS you aren’t going to beat it.

    • Evkob
      link
      fedilink
      English
      arrow-up
      1
      ·
      9 months ago

      Where do you keep your TOTP if not on your devices? Or do you own a separate device exclusively for TOTP?

      • mholiv@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        2
        ·
        9 months ago

        For less important things I keep my TOTP credentials on my phone. Not perfect but definitely safer than a PC statistically speaking.

        For more important things I use either a passkey or yubikey or a gpgsmart card depending on what is supported. All three work via usb or NFC.