You’ll be prompted to hold your phone up to your computer to ‘Scan QRCode’ and capture the QR code on the Reddit site. Google Authenticator, like Authy, generates a time-dependent six-digit code, which you enter after you submit your username and password. I understand the 2FA for gmail is more secure with a security key but I am only asking about TOTP, - I understand that with Yubikey TOTP authenticator app, you need the physical key which increases the security. The convenience would be nice if there is an implementation to avoid checking my phone everytime for my websites that are setup with TOTP. Is there any advantage to use a security key (such as Yubico with the Yubico authenticator app) for TOTP. Also, using a Yubikey gives you the option of U2F where supported, whereas Authy is strictly TOTP. How do you balance convenience and security for TOTP ONLY? Does bitwarden have the ability to securely store authenticator keys and generate TOTP verification codes with microsoft authenticator or Duo, Authy & Google Authenticator the only supported service at the moment? How we tested

What do you mean by "auth" in "do strong passphrase backups and auth for the Authy app". On the next page click onto “Privacy & Security” at the top navigation. they gave you a long secret key both of you know and without this key it is impossible to create the numbers for 2fa since there are too many options even if you know how you would get the numbers from your key, Imagine if the algorithm was: key*23=logintoken, If you don't have the key the pure knowledge of that algorithm isn't that useful (of course the algorithms used are a lot more complex so that it is even more useless without the key). Wow, that seems really interesting! You can copy and edit the code in Google Authenticator, but it may not be intuitive for some people because they’re not menu options. Make sure multi-device is disabled on Authy or else it’s as weak as SMS. There's no specific feature that "kills" Authenticator but it's just a better executed app all-around with no drawbacks. Finish Setup.

However if I lose the main and back up security key, I lose all the TOTPs + I have make sure I keep all TOTP accounts are updated on all keys as I add accounts.

TOTP - Authy vs Yubico or other security key I use Authy right now, with a long back up authy password, to store TOTP codes. To capture the QR code, launch Authy … When done, click “next.”. You can change the logo or change the nickname you give the account right on the Authy app. Any info from the community would be greatly appreciate it. Google Authenticator vs. Authy Features. I've been using Authenticator for years now. Install Authy 2FA on your device by searching for it in your device’s app store. Want to [Get Started in Information Security](https://www.reddit.com/r/netsec/wiki/start)?

I have the microsoft authenticator setup for TOTP. Return to the Reddit webpage displaying the QR Code. 2FA authentication apps from Google, LastPass, Microsoft, and Authy face off against hardware options like the Titan Security Key and YubiKey for the opportunity to keep your data safe.

I have it working with MS Authenticator with a selfhosted instance of Bitwarden RS. There's no app PIN protection and your accounts and codes are immediately visible when opening the app, that already seems less secure than the authy issue you mention. Noob question: how can authenticator apps made by 3rd party? Return to the Reddit webpage displaying the QR Code. With every breach, every hack, every lost or stolen phone, online users have a similar thought: “I hope my private data didn’t just leak into the vast and very dark internet.” There’s a good reason to fear: once your personal data is out there, it’s out there for good. But isn't this less secure as I only need one device instead of two when I'm using my phone. I like authy because they have a chrome extension/desktop app. Please look below for the added Password Managers review and also take a look at our updated … MS Authen seems to use my personal outlook account as a backup if phone is lost.

I've always preferred Authy primarily because it is 10000000x better designed than Authenticator, and there's a big "copy" button next to every code, rather than having to long press to copy. And users are pretty satisfied, that is until a lost phone or a desire to switch devices forces them to make a change. Trustworthiness will always be dependent on the user but that's something you have to decide for yourself.

If I have a strong backup password, even if someone can get to my SMS, wouldn't they still not be able to access my TOTP tokens? For Microsoft accounts, use the Microsoft Authenticator app. There is also cloud backup of accounts and multi-device sync but I don't use either of those. Install Authy on your device by searching for it in your device’s app store. Yeah, I like the revamp as well but it was actually in articles about the revamp that I read that Authy was still better, New comments cannot be posted and votes cannot be cast, More posts from the androidapps community, Press J to jump to the feed. Congratulations!