Google authenticator app /lost phone

2»

Comments

  • I've been using WatchGuard AuthPoint as a replacement for my Google Auth 2FA. Works great for me.

    Cheap dedis are my drug, and I'm too far gone to turn back.

  • I had similar issues a while ago so I tested a lot of solutions, but landed on Authy.
    The only thing that bugs me a little is that it is not open source, but I feel that the company behind it is solid enough to be trusted as much as anything else (which depending on the size of your tinfoil hat may be nothing or a lot).

  • If it's a google account be sure to save the recovery codes somewhere safe too

    @AnthonySmith said: now I went and lost my (flat) phone on a 6-acre field of long grass

    Too flat huh? Should have gone with one of these.

  • I use Authy. I have Authy on phone and multiple computers, including one set up on a VM and I keep a backup of the VM in multiple places as my worst case scenario. If everything else crashes, I can just download and spin up the VM to add new devices.

    Thanked by (1)localhost

    Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow

  • InceptionHostingInceptionHosting Hosting ProviderOG

    @havoc said: Too flat huh? Should have gone with one of these.

    >

    hehe, it was a galaxy S2 with a massive battery extender on it, so not far off.

    I hung my coat over a fence at one point next to a trench I was filling in, I am thinking I probably buried it :)

    https://inceptionhosting.com
    Please do not use the PM system here for Inception Hosting support issues.

  • You just need to save 2fa token to a safe place first, then put it into GA or w/e.

  • I used to use Authy and ended up moving to one called "Authenticator Pro" on Android which is open source and seems to working really nicely so far. Encrypted backups too.

  • @jaden said:
    Aegis is open source and has a straightforward backup option.

    https://github.com/beemdevelopment/Aegis

    Android only though. :disappointed:

    @Ouji said:

    @FlamingSpaceJunk said:
    Holding passwords in Bitwarden and using it for 2FA isn't as secure as it sounds.

    Care to expand? Having a password manager and 2FA in the same device is not secure either.

    All of your eggs in one basket. Password manager gets hacked, and everything is there. Versus having to break into two systems, a password manager and a 2FA device. Bitwarden, 1password, LastPass, etc. are SaaS systems which are always on and available. Attackers have a open window to attack them, and on a long enough time line, everyone's survivability drops to zero. LastPass has had breaches in the past, for example.

    Yes, a hardware token is better as it is separate from everything, but convenience. Hardware tokens are still pretty new, but they are catching up.

    There is no truly secure system, and the goal is to make attackers lives as hard as possible. We make tradeoffs everyday, and its tough to find the balance between ease of use and security.

  • ReadyDedisReadyDedis Hosting ProviderOGServices Provider

    +1 for Authy, after it happened twice with google, I decided not to take risks anymore.

  • mikhomikho AdministratorHosting ProviderOG

    I'm using DUO (https://duo.com) for most of my 2FA and they introduced DUO Restore, where you can reconnect your old accounts https://guide.duo.com/duo-restore

    I haven't tried it myself, yet.

    Thanked by (1)localhost
  • MikeAMikeA Hosting ProviderOG
    edited June 2020

    Didn't notice until now that my Google Authenticator was updated with the transfer accounts feature. Thought it wasn't released yet.

    Now they just need a backup feature.

    Thanked by (1)FlamingSpaceJunk
  • Metal detector around the trench?

  • Ya Authy the best :)

  • @MohamadSY said:
    Ya Authy the best :)

    No. oathtool is the best, Authy can be a close second though

  • I'm late to the party but I highly recommend an open-source solution such as KeePassXC.

    Bitwarden is recommended all over the web, but I'm not too fond of it. Yes it looks nice and has all the features you could possibly want from a password manager, but everything comes down to just one developer... There is just one guy doing front-end, back-end, mobile-apps, basically everything, so the under the bus factor is quite high if you ask me.

  • @Freek said:
    I'm late to the party but I highly recommend an open-source solution such as KeePassXC.

    Bitwarden is recommended all over the web, but I'm not too fond of it. Yes it looks nice and has all the features you could possibly want from a password manager, but everything comes down to just one developer... There is just one guy doing front-end, back-end, mobile-apps, basically everything, so the under the bus factor is quite high if you ask me.

    He has been hiring other people recently. About 6 months or so IIRC

  • @Ouji said:

    @Freek said:
    I'm late to the party but I highly recommend an open-source solution such as KeePassXC.

    Bitwarden is recommended all over the web, but I'm not too fond of it. Yes it looks nice and has all the features you could possibly want from a password manager, but everything comes down to just one developer... There is just one guy doing front-end, back-end, mobile-apps, basically everything, so the under the bus factor is quite high if you ask me.

    He has been hiring other people recently. About 6 months or so IIRC

    That is good to know. I do indeed see quite some (recent) commits from a second guy.

  • @Freek said: That is good to know. I do indeed see quite some (recent) commits from a second guy.

    He also expanded on Reddit that he has a plan in case he dies or something of the sorts, so the servers won't get abandoned.

  • edited June 2020

    @Ouji said:

    @Freek said: That is good to know. I do indeed see quite some (recent) commits from a second guy.

    He also expanded on Reddit that he has a plan in case he dies or something of the sorts, so the servers won't get abandoned.

    And as always, backup your data!
    I use Bitwarden CLI (There's also PortWarden) to export my vault, then encrypt the csv/json file and upload/store it somewhere safe.

    Thanked by (1)Ouji
  • I host my own BW instance, so I keep backups of that DB.

    Thanked by (2)Naix Iroshan464
  • @Freek said:
    I'm late to the party but I highly recommend an open-source solution such as KeePassXC.

    I would also recommend this. You can store your passwords, ssh keys (build-in agent) and totp secrets. On android you can access it through Keepass2Android. The only thing which I'm missing is a build-in ssh-agent for android.

  • @Ouji said:

    @Freek said: That is good to know. I do indeed see quite some (recent) commits from a second guy.

    He also expanded on Reddit that he has a plan in case he dies or something of the sorts, so the servers won't get abandoned.

    That's good to know

    @Naix said:

    @Ouji said:

    @Freek said: That is good to know. I do indeed see quite some (recent) commits from a second guy.

    He also expanded on Reddit that he has a plan in case he dies or something of the sorts, so the servers won't get abandoned.

    And as always, backup your data!
    I use Bitwarden CLI (There's also PortWarden) to export my vault, then encrypt the csv/json file and upload/store it somewhere safe.

    If I would choose Bitwarden, I would definitely self-host it. However, I see that file attachments are a premium feature that require a license, so I won't be switching over any time soon. File attachments are a must for me.

Sign In or Register to comment.

This Site is currently in maintenance mode.
Please check back here later.

→ Site Settings