If proprietary app is better and more robust I am willing to try it and assess it myself.

  • edgan@lemmy.ml
    link
    fedilink
    arrow-up
    7
    arrow-down
    5
    ·
    edit-2
    1 year ago

    I actually try to use authenticator apps as little as possible. Having to unlock your phone and open the app each time is too much hassle.

    Instead I have four Yubikeys, not security keys, that I store my OTP 2FA codes on. One for personal codes, one for work codes, and the other two as backups for the first two. The backups protect me from hardware failure, the keys being stolen, or lost. One downside of the backup plan is having to scan the QR code twice, once per Yubikey.

    Each Yubikey can store 32 OTP codes on the smart card part of the Yubikey. The 32 code limitation is why I have personal and work codes on separate keys. I did run into this limit.

    This isn’t the cheapest solution. In addition you could argue it also isn’t the most secure, but that depends on the attack vector and circumstance.

    With this setup I can use the Yubico Authenticator desktop to copy and paste the codes into the browser. While mobile I can use the mobile form of the same app. Also all my Yubikeys have NFC, so I can use that method if I want instead of just USB.

    As mentioned in a different comment I highly recommend not storing 2FA codes in password managers like Bitwarden. It creates an all eggs one basket problem, which is exactly what 2FA codes are trying to avoid.

    • s20@lemmy.ml
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      Having to unlock your phone and open the app each time is too much hassle.

      And having to use two USB keys and double code scanning isn’t? I’m glad your system works for you, but it sounds like a pain in the but to me lol.

      • edgan@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        I have to use the work one multiples time a day on weekdays. I use the personal one maybe once a week.