Anybody have a good reason to not use Authy? I’ve seen Aegis mentioned quite a bit but nobody supporting/dunking on Authy. I thought they were one of the more popular choices.
Professionally I’ve had situations where Ms authenticator was the only option because the only 2FA they allow is push notifications on the authenticator app. :(
I even used freeotp+ for my ORG 2FA and aegis for my personal so I could easily keep them split ( and you can export / securely store the backups somewhere ).
Professionally I’ve had situations where Ms authenticator was the only option because the only 2FA they allow is push notifications on the authenticator app.
If a company requires me to install specific apps that may or may not work on my device, I expect that company to provide me with a device that can be set up for their stuff. Or an alternative, like a hardware RSA token.
I’ve run two separate phones for nearly 15 years now: my personal phone, and a work-issued phone. The work phone is turned off and left on my night stand as soon as I get home, and only turned on again when I’m getting ready to go back to work. I don’t carry it 24/7 as some have been led to believe, for some reason. It’s really nice to have that separation. And work pays for it.
We do need to get corps to move away from closed source protocols like MS, Google, Meta and others push notifications though. Those are not in anyway safer and are just basically trap to force people to use their apps
Use Aegis.
The MS Authenticator contains telemetry and should not be used.
Anybody have a good reason to not use Authy? I’ve seen Aegis mentioned quite a bit but nobody supporting/dunking on Authy. I thought they were one of the more popular choices.
Authy is closed source and owned by Twilio, a publicly-traded company.
Aegis is FOSS.
Do what you will with this info.
Seems like Authy doesn’t have a feature to export to another app. Guess you re-enable 2fa on each account to move to something like aegis.
That’s exactly what I did. It was a pain because I have so many 2FA-enabled accounts, but it was absolutely worth it.
Authy also doesn’t work on GrapheneOS.
EDIT: And Authy scrapped their desktop apps. I’m using ente instead.
https://f-droid.org/packages/io.ente.auth/
That makes sense. Thanks! I don’t use graphene but I do use authy and wondered if I should be reconsidering my choices 😅
Agree for personal use.
Professionally I’ve had situations where Ms authenticator was the only option because the only 2FA they allow is push notifications on the authenticator app. :(
I even used freeotp+ for my ORG 2FA and aegis for my personal so I could easily keep them split ( and you can export / securely store the backups somewhere ).
Time to get corps to ditch Microsoft >.>
If a company requires me to install specific apps that may or may not work on my device, I expect that company to provide me with a device that can be set up for their stuff. Or an alternative, like a hardware RSA token.
I’ve run two separate phones for nearly 15 years now: my personal phone, and a work-issued phone. The work phone is turned off and left on my night stand as soon as I get home, and only turned on again when I’m getting ready to go back to work. I don’t carry it 24/7 as some have been led to believe, for some reason. It’s really nice to have that separation. And work pays for it.
We do need to get corps to move away from closed source protocols like MS, Google, Meta and others push notifications though. Those are not in anyway safer and are just basically trap to force people to use their apps