![](/static/253f0d9b/assets/icons/icon-96x96.png)
![](https://lemmy.world/pictrs/image/db7182d9-181a-45e1-b0aa-6768f144911a.jpeg)
Wow, this is written by one truly oblivious journalist
Wow, this is written by one truly oblivious journalist
That’s Erling Haaland, his face is generally in a state of comic distortion
Well yes, the most secure way would be a single source of OTPs, however I’m happy to compromise that slightly for convenience. Having 3-4 devices with access to the OTP database isn’t a huge increase in my attack surface. An attacker would still need to steal one of my devices, rather than one specific device. Those devices would also naturally be protected by additional factors.
I understand I would have to handle the syncing of the database for aegis, I was more curious if you knew of other clients that could use the same database format on other platforms.
I’m very aware it’s a bad idea to keep your OTPs in the same database as your passwords (and in fact already make use of keepass). I would probably not even sync the databases using the same mechanism
Bitwarden/vaultwarden does seem to be the front running option if there aren’t suitable clients for reading an Aegis database on other platforms, and I’ll just ignore the password manager aspects of it even if that means it’s a heavier solution than I’d have preferred.
Thanks for bearing with me on this
And royally fucking the country up unabashedly
We have a mostly right wing press over here and the leftmost publication is the guardian which generally has a liberal-centrist bias. It’s taken the Tories getting to insanely ridiculous levels of incompetence for the general public to finally cotton on
It’s politico, they have a centre-right slant, so of course they think the left should move in their direction
Okay I see what you’re saying but it’s still a downgrade from what I thought my security was, the fact authy broke that trust doesn’t mean I want to compromise what I was expecting to the level they ended up providing me
Sure, I guess the thing I’ve not made clear enough is that I accept the compromise of security by having an SMS backup in this scenario for the convenience it provides in restoration. Someone could compromise my SMS but they’d still need my password, and in Authy’s case, they would also then need to be able to sufficiently convince Twilio that I’m me before they allow access again. I understand that the last step is obviously not possible with a non-commercial solution.
Tbh you’ve kinda come up with the solution for me though, if I keep the database in it’s own cloud storage separate from everything else I could set up SMS 2FA and a unique memorable password to get a similar experience to what I have now, albeit without the extra verification when SMS is used.
Since you’ve been helpful already, one last question if you don’t mind: do you have good recommendations for iOS, Mac & Windows clients for aegis? The official repo seems to just be an android app, and I make use of authy across all 4 platforms currently
Perhaps attach the banana more securely so it’s not hanging
I mean “they don’t know how” doesn’t have to mean this is an exceptional case
They could just be ubiquitously incompetent and they don’t know how a lot of stuff happens
Do you have a second factor for your VPN? Or is it literally just a passphrase and you’re in? I also need a shared key to access mine, which puts new back at square one (I will not compromise on this)
I do really need what I’ve described because it’s literally a situation I’ve been in.
Do you carry your recovery codes with you at all times?
I guess I could do this, but it seems like a downgrade from my current situation
Well I thought this was kinda obvious what I meant, but I guess not.
Alright, drop the sass, if it was obvious your post wouldn’t be the length it is. Now chill, I genuinely appreciate your response
0, no go
1, also a no go, I can’t guarantee I’ll have an extra thing
2a. No 2fa, so this is a reduction in my current security
2b, this could be workable, I already self-host a number of services, but I want to be sure situational neglect (i.e. life is too busy for me to pay attention) cannot compromise this, therefore it’s gotta be a turnkey solution that I can configure to auto update, which is what I’m asking for in my comment. I need your specific solution for this, generalisms are useless here.
3: Not workable, I can’t rely on someone else being able to help in every possible scenario (and tbh I wouldn’t want to put that responsibility on someone)
4: This is a pretty good one tbh, though I guess if I’m going to pick holes, if the first stage is good enough as the gate, it diminishes the reason to have the second stage, so I’d wonder what you would suggest that could tick all the boxes for that first gate.
Edit: weird numbering formatting to combat lemmy formatting doing weird things
This is specifically a scenario where I’m starting from a single blank device because I’ve just been robbed on the other side of the planet.
Edit: for added weight, I’ve been in this exact scenario. I was able to get my ESIM reprovisioned to a new phone and recover everything within a day. I don’t want to replace authy with a solution that doesn’t cover that scenario
Oh, in that case it’s not quite equivalent, because my cloud storage is protected by the two factor code stored in my Authy OTP database.
I would still need to access the OTP database before I could access the cloud storage, which is where it would be stored in this scenario.
That’s potentially a solution then, as I guess in order to buy a new phone I would need to have not lost my wallet too at least, so I guess I could keep those items together for equivalent recovery possibility
Okay that may be a goer, I’ll look a bit more into it, thanks!
I agree it’s much worse than using a modern OTP app, but I need a way to access my OTP database when the only form of digital identity I have access to is my phone number.
Authy currently supports this scenario for me (with a load of checks, it doesn’t happen instantly), so I would require a like for like replacement
(reposted from another comment mentioning aegis)
Interesting, I’ve seen this one before but it didn’t seem like it would support my deal-breaker scenario—I still can’t seem to see support for that on the readme, could you point me at some docs?
I’ve looked into this before and unfortunately it doesn’t support the SMS requirement I have in my deal-breaker scenario—do you know if this has changed and can point me to the docs regarding it?
This is a new one to me, but a quick look at their homepage doesn’t seem to suggest SMS support as per my deal-breaker scenario—could you point me to the docs describing that functionality?
Interesting, I’ve seen this one before but it didn’t seem like it would support my deal-breaker scenario—I still can’t seem to see support for that on the readme, could you point me at some docs?
This seems like a pretty big deal, right?