2-factor auth
2-factor auth
I think the last thing that's holding me back from switching to a dumb phone is 2fa. What are some good alternatives to smartphone apps for TOTP, and what's it like using them in the real world?
- Crazyroostereye
Re: 2-factor auth
There do exist TOTP clients for the desktop, and in password managers like KeePass and Bitwarden.
While I do have a smartphone, I actually rarely use it for 2FA. I primarily use the Passkey/TOTP integration in Bitwarden (I trust it, as I self-host it in my own network, so no Internet access without VPN).
Another option is FIDO keys, which are USB devices that store and act as passkeys and which sometimes also offer TOTP.
Example: Yubico's YubiKeys.
They are a bit pricey but are usually good and secure devices.
Re: 2-factor auth
I do use KeePassXC so I am tempted to use that. As they state in their docs, though, putting TOTP keys in the same database as the passwords defeats the security of 2fa. I am considering making a second database just for them, but that will be a bit annoying (of course the TOTP database would need a different password to remember).
- Crazyroostereye
Re: 2-factor auth
zonk wrote: Wed Jan 29, 2025 8:25 pm
As they state in their docs, though, putting TOTP keys in the same database as the passwords defeats the security of 2fa.
Not entirely. Yes, in the case somebody gets access to your KeePass it will mean that 2FA is useless, but when that happens they most likely have access to your computer (or you lost the KeePass file; never upload your KeePass file, keep it local).
But the more likely attack your account will witness is a brute force or leaked password, where the 2FA will work having it in your KeePass. It depends on the risk you are willing to take.
But when this risk is still too high, which I fully understand, I would recommend a FIDO key with TOTP functionality.
The FIDO key acts as a hardware passkey, so you can make use of passwordless, and if that doesn't work for the service you can use the TOTP feature.