Question

What's your favorite authenticator app or device for 2-factor codes?

Do you rely on SMS, or use an app like Google Authenticator? Or do you manage them in your password manager like 1Password? Why did you pick the tool you use?

@cynicaljoy
2 years ago

I use 1Password. I appreciate the simplicity that 1Password provides me with being able to paste in my shortcode, and then it restores my clipboard. I did have some reservations about putting my password and 2FA in the same location, but I've accepted it.

4 points
@maguay (replying to @cynicaljoy )
2 years ago

I use 1Password for my passwords, but haven't switched to using it for 2fa codes yet. How does that work in 1Password—do you press the same keyboard shortcut to add a 2fa code as you do to enter your password?

1 point
@cynicaljoy (replying to @maguay )
2 years ago

After you add the one-time password to your Password secret it will automatically set the contents of your clipboard to the OTP value when you use the auto-complete shortcut in your browser. Then after you paste that value, it will reset your clipboard contents back to its original value.

Additional tip: You can find a list of sites that are saved to your 1Password Vault that have 2FA support that you have not enabled in the "Watchtower" section: "Two-Factor Authentication" -- if you want to keep the 2FA separate from 1Password you can choose to "Don't Save in 1Password" to essentially mark it as done.

I try to treat Watchtower as a TODO list and keep everything under it empty.

1 point
@maguay (replying to @cynicaljoy )
2 years ago

That sounds just about perfect, will have to consider moving mine over.

1 point
@anuaimi (replying to @maguay )
2 years ago

Once you enable 2fa for a login, 1Password will add the current one-time code to the clipboard when you log in. That way you can just paste the code. It will clear this code from the clipboard after a number of seconds so other apps can’t read it.

1 point
@victorquinn (replying to @cynicaljoy )
2 years ago

+1 to 1Password, it's just so nice to have 2fa in the same place and not have to worry about it. It's a feature I find many 1Password users are surprised exists because it's not super easy to find in the UI.

I used to use 1Password for passwords and Authy for 2fa but have been able to consolidate into just one place.

1 point
@anuaimi (replying to @victorquinn )
2 years ago

Any concern that if 1Password ever gets compromised, the attacker will have the 2fa code as well? I sometimes use 1Password’s 2fa feature, but for my more important logins I still use Authy.

1 point
@victorquinn (replying to @anuaimi )
2 years ago

That’s a fair concern, though given the way they use your password as an encryption key for the passwords, they’d need to be compromised and have my password, which I suspect is unlikely.

That said, for extremely sensitive items (e.g. email) I think it’s likely wise to intentionally bifurcate these. But for most things it’s likely fine and the convenience factor is high.

1 point
@liveink
2 years ago

Google Authenticator, it just works

2 points
@maguay (replying to @liveink )
2 years ago

Have you ever had to move your Google Authenticator account to another device, and did that work ok?

1 point
@anuaimi (replying to @maguay )
2 years ago

In the past, they didn’t support this, but I think they just announced that Google Auth now supports multiple devices.

1 point
@petersandtner
2 years ago

I use Authy and 1Password. The main benefit over Google Authenticator for me is that both apps support backup/syncing of your code across devices, so you won't lose access when you lose your phone and you don't have to do anything when you migrate to a new device.

2 points
@CompanyGardener
2 years ago

Authy + 1Password. Haven't tried using 1Password for 2fa, as it's a hassle to switch everything over.

2 points
@podman (replying to @CompanyGardener )
2 years ago

I used the method outlined here to migrate everything from Authy to 1Password. It worked very well. Certainly much easier than disabling 2FA everywhere and starting over from scratch with 1Password.

2 points
@maguay (replying to @CompanyGardener )
2 years ago

This is the combo I use right now. Authy works great—and its Apple Watch app makes it easy to get codes, too. Tempted to try 1P's 2fa support but in the same boat on not wanting to go through the hassle.

1 point
@resetbrian
2 years ago

1Password is my favorite 2FA app because it effectively balances convenience with security. It's better than SMS because you don't have to worry about your phone number getting ported by a motivated attacker.

It does place all your eggs in one basket, but if you're really worried that someone has determined your primary encryption password and stolen your encrypted password manager file, you are probably being targeted by a very advanced attacker (e.g. nation/state), and therefore have much larger issues to worry about. (Use a security key and enroll yourself into Google's Advanced Protection Program, ASAP. Or just stay offline! :-D)

FWIW, I worked for Duo Security and other 2FA vendors in the past. Duo is by far the best 2FA solution for businesses. Duo Mobile is a great choice for managing your consumer TOTP tokens, but you'll still need a password manager. Some folks will argue for keeping your 2FA app and password manager app separate. To them, I would ask, "What threat model are they protecting against?" Like businesses, your goal should be to be a less interesting target than someone else. Using 2FA at all makes you much less likely to be a target. To keep using 2FA you will want to make it convenient for yourself, which is why I recommend using 1Password for your 2FA (and backup) codes.

2 points
@maguay (replying to @resetbrian )
2 years ago

Very interesting, thanks for sharing your experience with Duo and thoughts on keeping passwords and 2fa together!

1 point
@rpruiz
2 years ago

Authy, mostly because I've been using it since 2014. A few others have come after, good ones, like the one from Google. At this point, Authy gives me all I need. Besides, I don't want to break what I know works (or go through the pain of migrating data).

2 points
@TheLandGeek
2 years ago

If you haven't checked out the @nopasswords revolution at Trusona, you're missing out. It's a free app and founded by the "Fraud Father" Ori Eisen, who created the 41st parameter to detect fraud and sold out to Experian a few years ago. It's a game changer.

1 point
@ggvc
2 years ago

+1 for Authy. I've had to go through the reset process too many times when switching phones. Being able to back up tokens to the cloud and access simultaneously on multiple devices is priceless. Haven't yet tried to use Authy to share a logon between multiple team members but that will be a gamechanger for us!

1 point
@goekesmi
2 years ago

I use LastPass for passwords, and LastPass Authenticator for 2 factor codes. The password storage is cross platform, cross browser, and the authenticator backs up into your LastPass database. This works out well for me, as I use many devices, and I need to have the loss of device recovery path well established.

1 point
@pwentr0pyftw
2 years ago

Duo is the easiest, cleanest solution I've used. Less for personal and more for work, though.

1 point
@simast88
2 years ago

I use Authy for 2FA because it is available and works across most devices/platforms. Google Authenticator works just fine but Authy offers more features.

I'm also a 1Password user for password management but haven't used it for 2FA yet and honestly, I did not know they supported 2FA!

I also look forward to trying decentralized & blockchain-based identity management and verification solutions such as Civic.

1 point
@assaf
2 years ago

Primarily 1Password. On sites that support U2F (Google, GitHub, Stripe) also Krypt: https://krypt.co/

You pair your browser with the iPhone/Android. When the site needs a one-time token, it pings your phone, you get a push notification and approve with one click. If you have an Apple Watch it will vibrate, one click to approve.

Works like magic. Wish more sites would adopt U2F.

1 point