Ha, fair - and my desktop too, since I currently use the Authy desktop app. However, that’s two different sets of credentials an attacker needs to steal/bypass, and two chances to stop them in time.
If you use Linux then OTPClient works great with Aegis since it can open Aegis export files directly. I’ve set up Aegis to make an export whenever I change something, I sync the exports automatically to my PC, and I open them with OTPClient there.
OTPClient can ask for the export password each time you open it and will close itself automatically if it’s not used for a while.
You can also use it to export the 2FA codes further in various formats, show the QR code for any of them, and all kinds of useful features like that.
But wow, those NFTs. It’s cute that they’re trying to create an incentive for donation, and I appreciate that whoever they outsourced that project to, they (allegedly) employed and artist and not a machine to make the components of the artwork… But it would have been a lot less cringe if they had done it in-house and not thrown it onto a blockchain (all use of one validates their use and helps create “value” for them, after all.)
It launched an NFT based donation program: https://2fas.com/donate/
and it is not available on F-Droid.
I’d go with Aegis for an App on Android, or a Bitwarden/KeepassXC password manager which can both handle 2fa tokens too.
I don’t like the thought of having my passwords and 2FA live in the same place - that seems to miss the point a bit.
Like your phone?
Ha, fair - and my desktop too, since I currently use the Authy desktop app. However, that’s two different sets of credentials an attacker needs to steal/bypass, and two chances to stop them in time.
If you use Linux then OTPClient works great with Aegis since it can open Aegis export files directly. I’ve set up Aegis to make an export whenever I change something, I sync the exports automatically to my PC, and I open them with OTPClient there.
OTPClient can ask for the export password each time you open it and will close itself automatically if it’s not used for a while.
You can also use it to export the 2FA codes further in various formats, show the QR code for any of them, and all kinds of useful features like that.
Aegis is great.
You can download it straight from their GitHub, or presumably using Obtainium:
https://github.com/twofas/2fas-android/releases/latest
But wow, those NFTs. It’s cute that they’re trying to create an incentive for donation, and I appreciate that whoever they outsourced that project to, they (allegedly) employed and artist and not a machine to make the components of the artwork… But it would have been a lot less cringe if they had done it in-house and not thrown it onto a blockchain (all use of one validates their use and helps create “value” for them, after all.)