Migrated my TOTPs to @ente Auth. It's an open-sourced no bullshit app that does the job right. Can run offline, and defaults are offline (unlike @2fas , which enables iCloud as default ), locally encrypted keys, could be unlocked via face ID, and you can export encrypted backups. It could also import from raivo and other tools, and is not a total piece of product. so all of my concerns are covered.
@ho1ger@dentaku I also use bitwarden + selfhosted vaultwarden as well 😊
However, I believe storing passwords + TOTP codes together is a bad practice overall, so I try to avoid it.
I could theoretically raise a second vaultwarden container instance just for totp, but it'd be hard to manage on the client side, going back and forth between accounts.
That's why I'm looking for a totally offline open-sourced totp app (I could be okay with selfhosted backends though).
@tobi Heya, thanks for the suggestion! This looks quite decent! If only it was open-sourced. However, I'll definitely check this and will try if it's actually secure, as it claims. Thanks!
@zaherg Nope, not leaning my 2fa codes to a closed source product 😆
In all seriousness, I already use @bitwarden + #vaultwarden open source alternative backend self-hosted, so even though that may be a good alternative, I don't need to overcomplicate my flow.
@zaherg I'm not sure if vaultwarden supports it (I didn't check), but nevertheless: It's not a good practice to put TOTP codes and passwords in the same basket, even if they are totally self-hosted. So I'm avoiding it.
@zaherg I'd rather not run any service and make it totally an offline app, like it's 1993 😆 For ideal 2fa appliance, the code should be generated locally and not touch any services.
If I go that route, as 2fa definition, even my ISP, or VPN provider, or Cloudflare proxy etc. could be a attack/risk factor, if I'm that paranoid or perfectionist (I'm not, just lazy 😂 and since offline app covers the definition and it's just an app so I'd go that route instead)
Add comment