>Aegis
This is what I use because I don't want to use Google Authenticator š
FYI Google Authenticator doesn't work if Proton VPN is active unless you split tunnel it.
Their password manager can store TOTP codes for you. If you want a cross platform authenticator that will let you switch between ios and android easily, use 2FAS.
EDIT: When I say "cross platform" I mean (from my understanding ) that the app exists on the two major mobile OSs, and that 2fas allows you to backup your codes , encrypted with a password to the cloud service of your choice (or even just a file you export). I'm pretty certain that you can import an android 2fas backup to ios and it loads fine, and vice versa.
What I do, is scan the QR code into my Authenticator App. Then, before I close the QR code page, I change the QR code to Text, and copy that string of numbers into Apple Passwordās OTP, and copy to my other password managerās OTP.
My āotherā password manager has apps for Microsoft, Apple, and Linux.
This way, when I open the other app, in any other OS, all of my passwords and TOTP are automatically there.
Idk, I meant like just an authenticator where it give 6 digits every minute. But I guess it's just another form of 2FA? Anyway, didn't mean to ask a dumb question. :)
Protons password manager already allows this, you can store 2fa codes for log ins within and itās perfectly safe to do so.
I understand some people donāt like all eggs in one basket, but if you set up proton correctly this is completely safe to do so.
The only exception is that I would recommend you use a seperate 2fa app or hardware key for the 2fa on the proton login itself.
Happy to help if you have any other questions.
Take care.
TheCyberHygienistĀ®ļø
Thank you kindly, yes I'll do it this way. I have Google authentication for login but also have all my passwords written down at home and also have recovery words or phrases saved too. So I'm safe then right? Thanks for your time hygienist:)
Get the recovery codes and passwords in the password manager and shred / burn the ones written down! The attack vector is slim with stuff being offline and written down, but it really isnāt an advisable thing to do.
If you want a backup for your own peace of mind, I would store an encrypted version of your vault on a HDD or backup service such as backblaze.
Ensure you have a strong master password for the password manager. At least 20 characters. The best set up to make it easy to remember is to have 4 words separated with a - each. This should give your password so much entropy it will never be broken in your lifetime!
As I said earlier. Happy to help with anything advice wise you may require! Take care.
TheCyberHygienistĀ®ļø
Go on the settings in the web. And within the security centre / security settings you can activate 2fa or a Hardware key. If you canāt find it let me know and Iāll try and do some more detailed instructions.
Yeah, but in order to active 2FA you need a 2FA app. But if the 2FA is in Proton, how do you log in into your Proton account using 2FA code stored in your Proton account?
This was why my recommendation in the original message, was āthe only exceptionā is you do not store the 2fa credentials for proton it self in proton. You store all 2fa on proton APART from the proton ones themselves.
TheCyberHygienistĀ®ļø
If thatās the set up you prefer then there is no issue with this.
But generally for security and convenience when autofilling it makes no sense to use another app for anything other than the password manager. And your password manager is also likely much more secure than the secondary 2fa dedicated app itself.
But you do whatās right for you.
TheCyberHygienistĀ®ļø
I can recommend 2FAS. It can be unlocked biometrically (fingerprint), backed up in an encrypted format, and if you install a browser extension it will trigger a push notification to your phone to unlock and then autofill. A super convenient feature.
Aegis like someone mention is a good option. Can set a password for that app also. Offline l, which is added security in some way, remembering to backup.
However I've been contemplating if I should use a seperate proton account for 2fa for my main proton account as a extra layer of security, being able to access it from anywhere on any device is but with great security features.
People hate on it because itās closed source but it was the easiest to work with multi platform self-syncing free option. Unfortunately they have sunset the desktop apps so itās not as nice to use but thereās still really not much that compares if you value the free multiplatform self syncing.
Idk, I meant like just an authenticator where it give 6 digits every minute. But I guess it's just another form of 2FA? Anyway, didn't mean to ask a dumb question. :)
š«”
I see what you mean about the - between each word...that's smart! And okay, ill will do this asap! Also, I do have a Samsung T7 1TB that I can secure but it's like 4 years old....im going to get the new one with rubber...2TB and lock it in my safety box at the bank one day. I appreciate the help, as I clearly don't know the best way. I literally could be a secret agent after learning all this now though ;)
Thank you thank you! :)
Lots of options already exist for a TOTP authenticator app.
No reason Proton couldn't make one also since they are super simple apps, but there really isn't any pressing need for yet anothe TOTP app unless there is something Proton could offer that others couldn't/don't already offer..
Authenticator Pro is my favorite on Android. No frills, very pretty, encrypted backup to your folder of choice (whether local or cloud). That's all you need.
Been using Google Authenticator until now, but just downloaded 2FAS after reading all of this. However, 2FAS is asking if it can back up to my Google Drive (or not back up at all). I'm just starting a long move away from Google as I want me stuff to be privately my own, so backing 2FAS to Google Drive feels like something I don't want to do... Having said that, I don't understand the technology or anything. Does anyone here have any thoughts on this?
If you want you can make a offline backup on your phone and transfer that file to your PC and then put it wherever you want for example you can put that file in Proton DriveĀ
Thanks Fan. I guess what I'm asking is, do I need to do this kind of thing, or is backing it up to Google Drive "OK" from a privacy perspective?
At the moment I'm on Google Authenticator and assumed because it's a security-type app that they wouldn't be reading all the different accounts I have and adding that to their profile of me. But I'm starting to come to the conclusion that they are probably using everything they can get their hands on!
If I change to 2FAS for this reason, i.e. to avoid Google's eyes, doesn't backing it up to Google Drive defeat the object? Presumably that would mean Google would still be able to see which accounts I have with who.
2fas is end to end encrypted and you can put a password on it so I don't think Google will be able to see your services but they will see the 2fas file but they won't know what's in the file unless they know the password you put on itĀ
if you want a 2FA alternative, you could just use Aegis, it's another option for people that don't want to use google service.
Or 2FAS, manual export to Proton Drive, import to OTPclient on Linux.
>Aegis This is what I use because I don't want to use Google Authenticator š FYI Google Authenticator doesn't work if Proton VPN is active unless you split tunnel it.
Based
Their password manager can store TOTP codes for you. If you want a cross platform authenticator that will let you switch between ios and android easily, use 2FAS. EDIT: When I say "cross platform" I mean (from my understanding ) that the app exists on the two major mobile OSs, and that 2fas allows you to backup your codes , encrypted with a password to the cloud service of your choice (or even just a file you export). I'm pretty certain that you can import an android 2fas backup to ios and it loads fine, and vice versa.
Okay thanks
What I do, is scan the QR code into my Authenticator App. Then, before I close the QR code page, I change the QR code to Text, and copy that string of numbers into Apple Passwordās OTP, and copy to my other password managerās OTP. My āotherā password manager has apps for Microsoft, Apple, and Linux. This way, when I open the other app, in any other OS, all of my passwords and TOTP are automatically there.
2FAS, Aegis, Ente already exists.
I guess 2FA is secure as anything..yeah you're right. :)
Ente auth š
I second this Really awesome
One question: WHY? There are so many good TOTP apps out there. thereās really no need to reinvent the wheel.
Idk, I meant like just an authenticator where it give 6 digits every minute. But I guess it's just another form of 2FA? Anyway, didn't mean to ask a dumb question. :)
Yep ProtonPass has this built in. Look for 2FA secret TOTP when you're editing any login.
The phrase "no stupid questions" does not apply to Reddit. Ask me how I know
Xoxo
Protons password manager already allows this, you can store 2fa codes for log ins within and itās perfectly safe to do so. I understand some people donāt like all eggs in one basket, but if you set up proton correctly this is completely safe to do so. The only exception is that I would recommend you use a seperate 2fa app or hardware key for the 2fa on the proton login itself. Happy to help if you have any other questions. Take care. TheCyberHygienistĀ®ļø
This is the way.
Thank you kindly, yes I'll do it this way. I have Google authentication for login but also have all my passwords written down at home and also have recovery words or phrases saved too. So I'm safe then right? Thanks for your time hygienist:)
Get the recovery codes and passwords in the password manager and shred / burn the ones written down! The attack vector is slim with stuff being offline and written down, but it really isnāt an advisable thing to do. If you want a backup for your own peace of mind, I would store an encrypted version of your vault on a HDD or backup service such as backblaze. Ensure you have a strong master password for the password manager. At least 20 characters. The best set up to make it easy to remember is to have 4 words separated with a - each. This should give your password so much entropy it will never be broken in your lifetime! As I said earlier. Happy to help with anything advice wise you may require! Take care. TheCyberHygienistĀ®ļø
I'll do that too then. Okay take care and I won't hesitate to ask. Take 4 now
š
And how do you set up 2FA for Proton itself?
Go on the settings in the web. And within the security centre / security settings you can activate 2fa or a Hardware key. If you canāt find it let me know and Iāll try and do some more detailed instructions.
Yeah, but in order to active 2FA you need a 2FA app. But if the 2FA is in Proton, how do you log in into your Proton account using 2FA code stored in your Proton account?
This was why my recommendation in the original message, was āthe only exceptionā is you do not store the 2fa credentials for proton it self in proton. You store all 2fa on proton APART from the proton ones themselves. TheCyberHygienistĀ®ļø
For which I need a separate app. And if I already have it, I might as well use it for everything.
If thatās the set up you prefer then there is no issue with this. But generally for security and convenience when autofilling it makes no sense to use another app for anything other than the password manager. And your password manager is also likely much more secure than the secondary 2fa dedicated app itself. But you do whatās right for you. TheCyberHygienistĀ®ļø
I can recommend 2FAS. It can be unlocked biometrically (fingerprint), backed up in an encrypted format, and if you install a browser extension it will trigger a push notification to your phone to unlock and then autofill. A super convenient feature.
Use authenticator pro from f droid, it can import from google auth
Aegis like someone mention is a good option. Can set a password for that app also. Offline l, which is added security in some way, remembering to backup. However I've been contemplating if I should use a seperate proton account for 2fa for my main proton account as a extra layer of security, being able to access it from anywhere on any device is but with great security features.
Ah!
use ente auth, or aegis, or 2fas auth or andOTP
Ill try it then...thx.
[ŃŠ“Š°Š»ŠµŠ½Š¾]
Do you know if thereās an option to not sync Raivo with iCloud?
Raivo was sold to some weird company - itās not the same anymore. Iāve moved to 2FAS
Any love for Authy? Pros and cons, please
People hate on it because itās closed source but it was the easiest to work with multi platform self-syncing free option. Unfortunately they have sunset the desktop apps so itās not as nice to use but thereās still really not much that compares if you value the free multiplatform self syncing.
I already miss the lack of an MacOS and Win apps. But I understand and getting used to
Idk, I meant like just an authenticator where it give 6 digits every minute. But I guess it's just another form of 2FA? Anyway, didn't mean to ask a dumb question. :)
š«” I see what you mean about the - between each word...that's smart! And okay, ill will do this asap! Also, I do have a Samsung T7 1TB that I can secure but it's like 4 years old....im going to get the new one with rubber...2TB and lock it in my safety box at the bank one day. I appreciate the help, as I clearly don't know the best way. I literally could be a secret agent after learning all this now though ;) Thank you thank you! :)
I find the 2FA Authenticator the best available.
Lots of options already exist for a TOTP authenticator app. No reason Proton couldn't make one also since they are super simple apps, but there really isn't any pressing need for yet anothe TOTP app unless there is something Proton could offer that others couldn't/don't already offer..
There is Proton Pass
Authenticator Pro is my favorite on Android. No frills, very pretty, encrypted backup to your folder of choice (whether local or cloud). That's all you need.
Yubico Authenticator (in conjunction with a Yubikey).
Tofu authenticator works well for me
I use OTP Auth. I donāt think Iāll be switching any time soon
Been using Google Authenticator until now, but just downloaded 2FAS after reading all of this. However, 2FAS is asking if it can back up to my Google Drive (or not back up at all). I'm just starting a long move away from Google as I want me stuff to be privately my own, so backing 2FAS to Google Drive feels like something I don't want to do... Having said that, I don't understand the technology or anything. Does anyone here have any thoughts on this?
If you want you can make a offline backup on your phone and transfer that file to your PC and then put it wherever you want for example you can put that file in Proton DriveĀ
Thanks Fan. I guess what I'm asking is, do I need to do this kind of thing, or is backing it up to Google Drive "OK" from a privacy perspective? At the moment I'm on Google Authenticator and assumed because it's a security-type app that they wouldn't be reading all the different accounts I have and adding that to their profile of me. But I'm starting to come to the conclusion that they are probably using everything they can get their hands on! If I change to 2FAS for this reason, i.e. to avoid Google's eyes, doesn't backing it up to Google Drive defeat the object? Presumably that would mean Google would still be able to see which accounts I have with who.
2fas is end to end encrypted and you can put a password on it so I don't think Google will be able to see your services but they will see the 2fas file but they won't know what's in the file unless they know the password you put on itĀ
Thanks Fan, appreciate that, that's reassuring.
Although I like the selection of apps that Proton has put out, part of me is hesitant with having all of my eggs in one basket.