Looking to switch to a new TOTP authenticator on iOS. Any feedback on some of the big ones out there? Microsoft Authenticator, Authy, etc.
TOTP on its own is really simple and nothing special. What you get from specific apps is things like backing up in some way (LastPass Authenticator backs up to your LastPass Vault, Microsoft Authenticator can back up to OneDrive or to iCloud, etc) and/or Push-based authentication that mostly only works with that one specific service. For example, I have Microsoft Authenticator, Duo, and LastPass Authenticator because each of them gets push auths. For everything that isn’t directly using Azure or Duo, I have been putting them into LastPass Authenticator, although with the recent news around them I’m looking at completely shifting away from LastPass.
That’s the reason for my post. I currently use LastPass Authenticator and am moving away from LastPass after their most recent security failure. I was on the fence about switching but after reading this I’m about 99% sure I’m going to switch. Not sure exactly what I’m going to switch to for a password manager yet.
I’m interested in this for the same reason.
Although I’d like to back up my TOTP secrets, I’m wary of putting them in the password manager, or a service whose password is in my manager. It effectively reduces your 2-factor to 1-factor if your password manager is compromised (as has happened with LastPass).
One possibility might be self-hosted Bitwarden w/o internet and store the TOTP secrets on that (you’d have to pay for Bitwarden to do this). Considering that I rarely create new TOTP entries on the road, this might be ok. You could then use a cloud-hosted Bitwarden or Bitwarden with an internet-exposed server.
Are there any Auth apps that allow backup to a local server or to a file on the phone?
Strongbox is nice for that. It does a lot more though. Can be used as a KeePass counterpart on mobile.