You might be using Google Authenticator, but should be using Authy.

Edit: Authy lets you easily shift multiple accounts to a new phone, whereas authenticator requires you undo and redo 2FA on many accounts. Huge PITA.

Not Open Source, but I'd reccomend Authy as an alternative to Google Authenticator:

Authy

Edit: I'm saying Authy isn't open source

I used to use Google Authenticator. But because I often do factory resets on my phone, or switch phones completely, I ended up switching to Authy. The alternative is to disable 2FA temporarily, then re-enable as soon as your phone is back.

Look into using Authy rather than Google Authenticator, it's compatible with google 2fa codes, without having to use your google account.

Note, make sure to leave the "allow multi device" setting disabled. it should only be used if you're syncing your 2fa codes to another device (which imo is better done with Titanium Backup, and then encrypt the backup.)

Das hatte ich vor einigen Monaten schon mal, damals brauchte o2 den halben Tag um das Problem zu lösen.

Ich habe das damals überhaupt erst bemerkt, weil die Android-App Authy (2FA) mich beim Öffnen darauf hinwies, dass sie nun einen eigenen Timeserver verwenden müsste. Großartige App übrigens.

If you use Authy, then your two-step codes can be backed up. If you don't want to use that, then just make sure you print out the backup codes or store them in a file on your computer. Depending on SMS doesn't work well when you factory reset, since (for me, anyway) I can't get SMS messages until after I've done the whole setup thing on the phone.

Personally, I use Authy, since they have a Chrome extension and you can get your codes there.

No, I believe it's a design decision for Google Authenticator to not back up to the cloud. This form of auth is "something you have" (ownership factor) and relies on the assumption that you're physically in possession of that device, so it's not technically secure for that to be stored in the cloud in any way.

If that sort of hard security isn't as big of a deal to you, you can use alternative 2-factor auth apps that do store backups, such as Authy.

If you don't do a wipe of the phone, and just an upgrade, then you shouldn't have to do anything with your 2FA tokens, they'll still be there. If you wipe, then you will have to set them up again.

You may wish to look into apps like Authy that actually back up and sync your tokens, so that when you do wipe or switch devices (or use multiple devices) they're just a sync away.

I really wish Google added a way to backup the tokens via cloud. Now before you mention that there are backup codes and cloud backups are insecure, let me address the following.

1. Regarding backup codes, that's specific to Google logins, and not every site has this. Many international sites won't have SMS backup either. In the Bitcoin world for instance, if you lose your 2FA tokens, you're SOL for security reasons.

2. While a cloud backup isn't the most secure for most users, in general backing up TOTP tokens IMO is far safer than having an SMS fallback given the vulnerabilities with SMS (i.e. SS7 Hack). Furthermore, Google has never been about maximizing user security to the point you can be Edwards Snowden and feel comfortable with their services. It's always been about providing a balance between user friendliness and security. The fact that Google offers to save your passwords in Chrome, means that it wouldn't be a total security failure to add a backup for Authenticator keys.

Personally, I use Authy. I find it extremely useful where I dont have to worry about losing my phone. Here are some features I find that make it very secure:

1. It's client side decrypted only. Sure it's closed source, but like LastPass, they have reiterated their commitment to security. I'm willing to bet 99% of average users don't even care about this anyway, but the fact they're willing to push that they do this is cool.

2. You need to confirm via SMS AND e-mail in the event you lose your phone.

3. In addition to #2, because its client side decrypted, your tokens are encrypted by a password that only you know per #1. So you need to decrypt the tokens even after downloading them (even if a hacker get past #2)

You can't, this happened to me when my phone broke. Start recovering the accounts that had it using a backup key or by talking to their tech support. When you set up your 2FA again I HIGHLY recommend Authy instead. It's password based so you can get into it on another phone and maybe even a web browser, never tried the browser before. https://play.google.com/store/apps/details?id=com.authy.authy

In addition to /u/CERWICK88's comment, I also personally use Authy in place of Google Authenticator. Keeps everything neatly encrypted and backed up in the cloud, for later retrieval. Play Store link, App Store link

Any android 2fa token app on chromebook will work.

example Android apps:
Authy
Microsoft Authenticator

The only way to recover it is if you have the old device and Google Authenticator still installed, if it has been removed or a factory reset performed the data will be lost. The only exception would be if you had rooted your device and performed a device image backup.

I would suggest going forward Authy over G.A. because Authy cloud syncs with encryption. You simply login to your new device, enter your sync password and all codes are restored.

https://play.google.com/store/apps/details?id=com.authy.authy&hl=en_GB

I highly recommend switching to Authy. It has a backup feature.

Made the switch from Google Authenticator and I have never been more happier

Great question! 2FA can be disabled on a root account with some work (have some experience with that). I don't believe Google Authenticator will sync the 2FA codes between devices; it didn't last time I used it.

The simple answer is Authy. It will allow you to password protect your accounts and sync them across devices. Have fun!

https://play.google.com/store/apps/details?id=com.authy.authy

>2FA is expensive. SMS may not be available in rural areas and soft tokens are expensive (on a great scale) and need replacing every few years.

They can always make it opt in. If the user has internet access (Who doesn't?) they can use an app such as https://play.google.com/store/apps/details?id=com.authy.authy&hl=en

Alright, then I'd recommend switching to authy. I switched to it recently and if you have it installed on another device, like a PC or tablet, you can easily add a new phone using one of those devices. You can also backup your 2FA codes. I don't believe authenticator has a feature like this, but I could be wrong.

1. At the time you are setting up the 2FA with any account, take the time to print out the 2-D barcode. Keep the printouts in a safe place. If you ever lose your phone, just set up again and re-scan the barcodes from the printout.

2. As an additional backup, at the time of setting up the 2FA with any site save the 2-D bar code as an image file to a UDB thumb drive.

3. Use Authy and enable the multi-device with passphrase backup. Then dont be a dumb-ass and forget your passphrase.

There's no easy way to do it if you aren't rooted (that I know of). For rooted phones you can use titanium backup. It'll work when it is restored.

For non-rooted phones, you can use Authy. You'll have to re-enable 2FA on all the websites that use it, but Authy will allow you to generate the same tokens on multiple devices . Authy also has a cloud backup service (not sure if anyone has vetted it, but I also haven't looked TBH).

Would be good, and if Steam would allow to use something like https://play.google.com/store/apps/details?id=com.authy.authy that is more universal and does what you asked, would be better.

Then again, will not going to happen since Steam Support, as of late, tries to eliminate features (gifting) that can cause potential problems for them and your suggestion falls into that category.

Checkout Authy. If your browser had forgotten your credentials you would've been screwed. At least with Authy you'll have a chance (you would need access to your phone number to activate another device so would end up swapping your SIM).

Use authy app, its much better than the google app. You can back up your authenticator accounts on the cloud so when you lose your phone or have to factory reset, you can restore them. you can also have access to them on multiple devices.

https://play.google.com/store/apps/details?id=com.authy.authy

If you use the Authy app instead of Google Authenticator when you sign up then you can have cloud synced 2FA across multiple devices at once

https://play.google.com/store/apps/details?id=com.authy.authy

I've been using Authy for years and it hasn't failed me yet. It's completely free and with no ads.

However I recently found Authenticator Pro which seems like a great option as well. It is both free and open-source, no ads and does not rely on a mobile number. Seems like a better option for the privacy conscious, just make sure you set up the backups in the app.

>why is your choice of reddit app better than Relay for Reddit?

I absolutely love Relay and would have a hard time switching to anything else. However you should be aware that in recent years Reddit has introduced many features that are exclusive to their official clients. Most notably chat messages - because I use Relay I often miss private chat messages.

FYI, for totp 2fa you should be using an app that supports backups (not Google authenticator) I think Aegis is a good option or Authy.

As far as backups, I'd recommend copying everything on your phone to your computer and I don't think all your app data will be able to be backed up, some might have data backed up to Google, but not all.

There are good reasons to install an independend 2FA application like Authy, it makes such situations much less trouble, they offer an independend backup. Never used the Google Auth app, so unfortunately I cannot help you with your current problem.

Do the identity verification again AND MAKE SURE YOU ARE IN A WELL LIT PLACE.

I helped a friend with this and the first time she did it she got denied.

The 2nd time she it did she got approved and got her account back.

Once you recover your account:

Choose a Strong password I would recommend a password manager and use randomly generated password feature.

This is the one I use: https://bitwarden.com/

(clear trusted devices, change email, setup 2fa (use an authenticator app DO NOT USE YOUR PHONE #, regenerate backup codes just incase)

I would recommend Authy https://play.google.com/store/apps/details?id=com.authy.authy&hl=en_US&gl=US

Sidenote: Authy provides all the same functionality as the google and microsoft 2FA apps, but it has the huge advantage of letting you backup your accounts.

https://play.google.com/store/apps/details?id=com.authy.authy&hl=en_US&gl=US

If you're using the google authenticator app and you change phones you'll need to disable 2FA on all accounts and start all over. With Authy you can just import your backup.

I only have the last two installed. That being said, Authy and a password manager are a must for me.

iOS link.

2FA stands for two-factor authentication. When you log in to a service with 2FA enabled, you have to provide your password and a security code. You've probably had banks or other services try to e-mail you or send you a text message with a code you have to also type in. That's 2FA, albeit a very bad implementation of it.

A good 2FA implementation will usually involve a rotating security code that you obtain via an app on your phone or a physical keyfob. I personally use Authy on my phone for 2FA. It has cloud backup options so I don't lose my security keys in case my phone gets destroyed.

The risk with 2FA is that if you use an app like Google Authenticator, then if your phone gets destroyed or stolen you can lose access to your 2FA keys. If that happens, you may be permanently locked out of your accounts. Some systems provide you with "recovery codes" that you can download, print out, and store in a safe or something. Those would let you get back into your account if you lose your security keys. But otherwise, you would be screwed.

Two-factor authentication section

Presumably you've got your migration finished now.

I will note however that you should switch to a 2FAOTP application that allows backup and migration.

I personally use Authy.

Authy handles the 2FAOTP standard like any other 2FA token generator, allows for multiple devices to be in use to generate tokens at the same time, and has verifiably secure encrypted cloud backup and restore.

At any given moment I can lose/destroy/factory reset my device with absolutely zero consideration towards my 2FA tokens, and be back up and recover them in minutes. I highly suggest making the transition.

> Consigliate di usare le app per la 2FA?

Sì assolutamente
Io uso da diversi anni Authy , mi trovo benissimo e hanno un app anche per Chrome desktop

Also use 2FA (2 factor authentication) as it requires you to have a specific device with a code that is updated every 20 or 30 seconds. I recommend putting 2FA on ALL accounts if they support it as email 2FA can be, not as reliable. I use Authy here’s a link for the iPhone version and link for Playstore one. Very good app (or at least on iPhone I don’t have an android)

Here's a tip that won't help you with your current situation, but it will definitely help you in the future:

Start your PS4 and setup 2FA again. But this time, choose an App to handle the 2FA codes. I highly recommend Authy (https://play.google.com/store/apps/details?id=com.authy.authy), but there are a lot of other Apps out there. Setting up 2FA using your web browser will only allow you to get your 2FA code using SMS, but that's very inconvenient as codes sometimes arrive late or not at all.

>You write something about 2 factor authentication. Are there any application examples?

Yes! I highly recommend Authy or in Playstore . It is a the most recommended 2FA app.

>Is it so that every time I want to log in to the browser or the Windows 10 1password app, I have to confirm a code, or can "trusted" devices be saved?

Yes! Whenever you login to a new device or browser, you will input your Master Password, Secret key, and then the 2FA code from the app which generate new 6 digits code every 30 or 60 seconds(I Am not sure how many seconds though) And yes you can set trusted device or browser, and you can de authorized them anytime.

>Is there a detailed description somewhere how to do that?

Yes sure. Just first, download the Authy App in ur android or ios. But for this, you gotta send a direct message to me because it might need some further instructions. As a privacy and security advocate person, I would gladly help you... Just Message me or Give ur Telegram number if u have cause I ain't using WhatsApp

Thank you guys. So this one? Since 3 of you suggested it...

https://play.google.com/store/apps/details?id=com.authy.authy&hl=it

I am personally using Authy for a long time. Installing various roms meant having to rest my phone alot.

It lets you backup to their cloud storage and also has an option to login on Multiple device at the same time.

I have not check if it supports WearOS but now that I think about I should set it up on my watch.

Authy is nice. They use an online backup for syncing state, so you have to trust them some. I've never used Aegis but based on the recommendations here the way it lets you sync offline is a potential advantage.

I don't believe either app works with Yubikey.

I would recommend using the app Authy ( Android or Apple ) it has a backup feature so if you lose your phone, you won't lose your 2FA

Unfortunately it does not work with external accounts. So it's good for Duo-specific accounts, but not general 2FA (like Google, Discord, etc.). Last time I transferred phones I still had to reconfigure those services.

I think Authy allows full backup of keys. I might switch over at some point.

Google Authenticator is an app that generates codes for two factor authentication. It does not have any way to backup the code generation. If your phone breaks, fails, or must be reset in some way then you will be locked out of everything.

Thankfully, /u/gabewil provided a link to an app that does have the ability to backup the code generation: authy.

You can use Authy instead of the Google Authenticator. Does the same thing but Authy has cloud backup/sync and also a Chrome Extension that will sync so you can get the authentication code on your phone or PC. And also cover you in case of a lost/broken phone.

It can probably be done, but in my experience it's quite difficult to get remote tasks based on AutoInput to work reliably, since AutoInput in most cases requires the display to be on to be able to interact with the UI. This means you'd have to set up the task to automatically wake and unlock your phone, and while AutoInput does have an "Unlock" action, it doesn't work at all on Marshmallow if I recall correctly.

For your particular use case I might suggest you take a look at Authy. There's actually a Chrome app as well, so you could get authentication codes directly from your desktop instead of having to fiddle around with Tasker.

Regarding 2-factor auth, you should check out stuff like Authy or the Google Authenticator (although that hasn't been updated in ages).

If you're looking to save money on texts in general, though, consider porting your Ting number to Google Voice. Google Voice is entirely free with unlimited messaging and calls, supports MMS fully, and allows syncing to your computer. I'd consider it; it's a great way to save on your Ting bill.

Instead of Google Authenticator, I prefer Authy as it handles more services than Google out of the box. And Mint aggregates financial sites in one interface.

I like having the ability to choose between them. One xkcd app doesn't look nice enough for me? I'll take a look at the next one. Still doesn't do it? Well, here's another one that I can try.

This two-factor auth app doesn't let me lock it down with a password or my fingerprint? Well, this next one does. And the one after that lets me hook my phone up to my computer via bluetooth and send the token wirelessly to my computer so that I don't even need to open the app on my phone! (Yes, this is a real app. Author, for iOS and droid

There is no reason at all to argue against having the ability to have a choice of different apps. That's like arguing that a two-party electoral system is better than having 10 parties with a shot at being the governing body.

• Authy The best alternative to Google Authenticator and syncs across devices.
• Backdrops Best wallpaper application ever. I usually download them and set them manually, but there is Muzei integration.
• Clover My choice for the best 4chan browser. Great gallery support and theming. Available through Devs site or on Fdroid.
• Dashlane Been using Dashline for about a month now and love it. Both the desktop client and the app are excellent.
• Fenix Best alternative Twitter client. Great layout and theming.
• Goodtime Best Pomodoro timer I could find. Very simple.
• LeafPic Great stock gallery replacement.
• Metal Pro Get rid of that battery draining FB app, use a wrapper! Swipe is great as well.
• QuickLyric Great lyric application. Wish more knew about it.
• Sync Pro Best reddit client. Fight me.
• Vortex Fantastic Twitch app.

List made using List My Apps

Also been using the Pixel Icon Pack with Nova to do this:

http://i.imgur.com/QHENdvP.jpg

http://i.imgur.com/MZpOvLH.png

This has actually been discussed multiple times on GitHub and will not be implemented as a security measure.

It is much more secure to hold all your authentication seeds in a secure database and not anywhere else. The second they are synced to a different device or somehow sent/reset via SMS (email or something else) the security of the Authenticator is undermined.

Only recently many big YouTubers were hacked as attackers managed to get their sim cards (from carrier). The same can happen to email or the synchronization/backup procedure. (Also see GitHub link bellow for other reasons)

I personally like this approach more, but if you need backup/multi device you might want to try Authy or Authenticator Plus.

Authy :

https://play.google.com/store/apps/details?id=com.authy.authy

Authenticator plus

https://play.google.com/store/apps/details?id=com.mufri.authenticatorplus

The reasons this is not implemented: (Quotes from GitHub - https://github.com/google/google-authenticator-android/issues/23)

The case that I feel it's more important to protect against is that someone borrows your phone for a couple of seconds, and extracts all your secrets. It's much easier if you can answer the question "can someone copy my two-factor credentials?" with "no".

The complete inability to export 2-step authentication secrets protects you in case somebody forces you (at gunpoint, by court order, etc.) to reveal the secrets.

Authy – Great looking 2-factor code manager with support for nearly everything.

Custom Quick Settings – For those of us lucky enough to be on Marshmallow this allows you to make your own custom quick toggles without root. (Root will add more features and make it more convenient)

Danmaku Unlimited 2 – Great vertical shmup, best one I’ve been able to find especially if you don’t like the fremium model.

Headset Menu – Great app for regular media consumers, when headphones are detected it gives you a notification with app shortcuts as well as some other nice volume features. Amazing dev as well who has added multiple features I requested.

IRCCloud – This is more than just an app but the app side of it is also nice. If you are a frequent IRC user IRCCloud acts as a bouncer allowing you to get push notifications when you are pinged and stay connected to the server at all times.

Palabre – Great looking RSS reader with offline caching, you can use your feedly account

ProShot – If you have a device that supports the Camera2 api this is a great looking camera app with support for all kinda of manual control and RAW output. It’s also on sale right now!

SuperBeam – Great app for transfers over wifi including phone to phone and computer to phone. It can transfer over wifi direct or if your computer and phone are on the same network at very fast speeds so you don’t need to plug in your USB cable anymore.

Trick Shot – Addicting physics puzzle game.

• Authy Ottimo sostituto di Google Authenticator per chi formatta spesso il telefono: non devi reinserire ogni volta i codici.

• DOI to SciHub Per chi non ha accesso a pubblicazioni scientifiche :(

• Flightradar24 Quando vedo un aereo nel cielo, voglio sapere da dove è partito e dove è diretto lol

• Keepass2Android Ottimo password manager

• Le Face Keyboard Perché le emoji mi fanno schifo e quelle integrate in GBoard sono troppo poche

• Measure Per prendere misure con il telefono senza la pretesa di una grande precisione

• MiXplorer Miglior gestore file sulla piazza secondo me

• Naptime Ti permette di risparmiare un po' di batteria quando il telefono è in standby.

• Relaxio Generatore di rumori di sottofondo che mi aiuta a rilassarmi in viaggio o quando sono in un ambiente rumoroso.

• Send

• SleepTimer Semplice timer che blocca la riproduzione di musica dopo X minuti

• Stellarium Per orientarsi nel cielo stellato

• TV Time Per tenere traccia delle serie tv

• VLC Mobile Remote Trasforma il cellulare in un "telecomando" in grado di gestire VLC sul pc

• Get Authy (free) for Two-Factor Authentication

• Google Play Store or iTunes Store

• Follow the simple and quick guide to configure it with Discord

(I prefer Authy, but Google Authenticator or andOTP are also worth a look)

For those interested, check out Authy. It's plugin/app that saves most of your 2FA accounts(eg. Hotmail, Gmail, Kickstarter) into a single password protected vault. It can be run from your phone or browser.

It's also recommended by CIG.

It's made managing all the 2FA accounts much easier. And a note, make sure you use a very strong password for the main account. Use a password generator/keeper to get a real complex one if you want.

Authy :

https://play.google.com/store/apps/details?id=com.authy.authy

Authenticator plus

https://play.google.com/store/apps/details?id=com.mufri.authenticatorplus

I think Authy is what you're looking for. I'm pretty sure LastPass was recently added.

Authy 2 Factor Authentication.

You should definitely use Authy. Way better than Authenticator, I think.

https://play.google.com/store/apps/details?id=com.authy.authy&hl=en

Ho formattato, adesso la vedo anche io.

I would suggest using Authy instead of Google Authenticator.

Authy

Ho formattato, adesso la vedo anche io.

Did you try Authy?
https://play.google.com/store/apps/details?id=com.authy.authy

I like using authy, you can keep all of your 2fa in it and add a nice widget to your home screen to easily get your codes

https://play.google.com/store/apps/details?id=com.authy.authy

Authy - Free (App Store) (Google Play) (Website)

I have enabled two-factor authentication on all of my internet accounts that support it, and I wanted a single application for all of the authentication codes. Google Authenticator seemed like the best option and is really great, but wasn't perfect. It didn't put my Tumblr information in right no matter how many times I did it, Humble Bundle didn't support it, Steam and Battle.net required separate apps and Twitter uses SMS. I resigned that Steam and Battle.net were going to require their own apps, and that Twitter would require me to use their app or SMS (Tweetbot for life, so SMS it was). Humble Bundle could us an SMS code or an app called Authy. Turns out Authy also supports any website/service that supports Google Authenticator codes, so I re-setup all my authenticators into Authy and it's a much better app. Supports TouchID for unlocking, or passcode lock if you don't have a fingerprint reader, has a Chrome App and extension so you don't have to grab your phone all the time, and is just a beautiful app in general.

Yes

https://play.google.com/store/apps/details?id=com.authy.authy

I won't suggest you to use google authenticator because you can install it only on one device at a time. Which is very risky if you loose your device.

Use Authy or Authenticator Plus.

I am using authy. I highly recommend you to read some articles before you enable 2FA. It is important because If you don't enable multidevice & backup option, You might have some trouble if you loose your device. Also having an app on different devices will make your job easy.

• Google authenticator vs. Authy

• Understanding 2FA

• When you enable 2FA on your google account, You will have to use google authenticator for first time setup. Then you can install authy and make switch to authy.

• After you switch to authy, You can enable "Backup" option. It is helpful when you install authy on other devices. It will ask you to give a password. Keep a good and long password. (20+ characters long). Don't forget this password. Write it down on a paper and put it in a safe place.

• Make sure Multi device option is on. (You can check it from settings menu of authy app.)

After that install authy on other devices. So that in case if you loose your phone or you don't have your phone with you, You can still use code from other devices.

• After you install authy on your 2-3 devices, check all accounts are synced or not. If everything is fine, now go to your main device. Open authy and Disable "Multi-device" option.

• Once again go to your google account. 2FA section or security section and save "Backup codes" for your google account. It gives you 10 backup code which you can use to log in to your account if you don't have access to codes from 2FA app(authy). Make sure you print this codes and put it in a safe place.

• Video guide & steps to enable 2FA for Google account - Watch this video till 14:50.

I have my authy account installed on phone, PC and tablet. And I keep 2 google backup codes in my wallet in case If I need it.

You can also check "Don't ask for 2FA on this device" while logging in your google account from your personal device. So that you don't have to put codes everytime.

Authy also supports 2FA for other websites like Facebook, Twitter, Dropbox, Slack, ProtonMail and Many more. Google authenticator also supports 2FA for different websites.

It's easier if you use Authy. But yeah, it's still a pain to re-login to everything.

J'utilsie authy perso, je peux rentrer absolument tout mes services 2FA à part steam qui fait chier.

• Authy is a must have for two factor authentication
• Backdrops for cool wallpapers
• Device Manager You know when a friend loses their Android phone? Fire this up, let them login to their Google, instant hero
• Fabulous Fantastic app to build positive habits and be happier!
• Greenify Minimize the time apps you don't use all the time run to maximise performance and battery life. Your phone will keep fast for a lot of time.
• Helium Allows you to make physical backups of the apps that don't use Google's backup system. It also backups SMS messages and your keyboard's dictionary so you don't have to lose them if you restore / switch phones again!
• Nova Launcher Fantastic customisable launcher EVERYONE should use. Lightweight, probably better than what you have, will speed up everything else too in many cases
• Nova Launcher Prime License for Nova. It's on sale now, so go pick it up!
• Pocket Also get the chrome extension. This is your new favourites / read it later / email to yourself. Share any item you want to get back to later to this!
• Pocket Casts Best client to listen to podcasts
• SD Maid Non - bullshit cleaner that helps you maintain your device
• Sleep Advanced alarm app to replace the official one. Once you explore its features, you will never come back!
• Solid Explorer Best file manager
• Spotify Get Premium. This is all the music you will ever need.
• Twilight Dims your screen at night so your eyes don't hurt
• Weather Timeline Best weather App

List made using List My Apps

You should switch to Authy. All your codes are backed up and synced among your devices.

When you finally get your account back, I'd recommend something like Authy for your future MFA codes.

> Google authenticator

Have you tried Authy?

Authy 2-factor authentic app. It's like Google authenticator but support multiple devices synching which is very useful.

You should check out Authy

• Authy - It's like Google Authenticator but more awesome (info)
• Pushbullet - Notifications to and from your pc (info)
• MX Player - Video player
• Pocket Casts - podcast player (info)
• Spotify - Because I can't stand silence

I use authy which does backups, really nice. https://play.google.com/store/apps/details?id=com.authy.authy

It's pretty hard to find a download link on this website that's dedicated to promoting this download link, sigh.

https://play.google.com/store/apps/details?id=com.authy.authy

I highly recommend Authy by Twilio.

Authy - https://play.google.com/store/apps/details?id=com.authy.authy

MX Player - https://play.google.com/store/apps/details?id=com.mxtech.videoplayer.ad

NextDNS - https://play.google.com/store/apps/details?id=io.nextdns.NextDNS

I use Authy

Have you considered using Authy instead? It allows for multiple devices.

Authy

Don't use Google Authenticator or you can risk losing everything, use authy instead it just better

https://play.google.com/store/apps/details?id=com.authy.authy

Try today. Try for example on this app:

https://play.google.com/store/apps/details?id=com.authy.authy

We had to remove this comment as it contains a referral link but they did share some good information so here's that part for anyone reading.

>Also download some 2FA authenticator for security like Google Authenticator or AUTHY which really secures your account.

AUTHY 2FA - https://authy.com/

https://itunes.apple.com/us/app/authy/id494168017

https://play.google.com/store/apps/details?id=com.authy.authy

Twilio Authy 2-Factor Authentication | 3.7 rating | Free | 5,000,000+ downloads | Search manually

> Authy brings the future of strong authentication to the convenience of your Android device. The Authy app generates secure 2 step verification tokens on your device. It help’s you protect your account from hackers and hijackers ...

|Feedback|PunyDev|Lonerzboy|

I'll look into that.

The play store brings up something called Twilio, is that it?

https://play.google.com/store/apps/details?id=com.authy.authy

Yeah! This one https://play.google.com/store/apps/details?id=com.authy.authy

Authy - https://play.google.com/store/apps/details?id=com.authy.authy

It shouldn't matter though. Don't they all follow a standard?

https://play.google.com/store/apps/details?id=com.authy.authy

Authy and Microsoft Authenticator

>i token per la doppia autenticazione

https://play.google.com/store/apps/details?id=com.authy.authy

...chiaro, ti ci devi fidare..

Sweet. No worries.

Just remember if you do end up deploying a firewall on the machine that you'll need to explicitly allow the services you're using access outside of the tun0 interface.

This is the way I provision ssh across my network. The server that handles my OpenVPN instances is a dedicated machine (just another Raspberry Pi 3, with a gigE USB ethernet adapter) that also serves as the gateway to remote access, basically.

From within the full tunnel VPN (I have both full and split tunnel instances, the former for remote access the latter purely for remote blocking DNS on mobile devices) I can gain SSH access which starts a dynamic screen session automagically and from there I can gain further ssh access to my other machines on the network as required.

I use Authy on Android to manage the 2FA token generation from the Google OAuth libpam module I mentioned earlier. It can sync encrypted backups of your 2FA tokens, which is a useful feature that other implementations I've tried don't offer.

I'd highly recommend adding a second authorization factor to your secure shell login, even if it's secured behind a VPN for remote access. It doesn't add a considerable amount of time to the login flow, security conscious people should already be using and used to a two factor login flow anyway, and it protects your sessions even in the case of credential loss. Someone could have your passphrase and key and still not be able to authenticate.

Another underrated simple step to securing your sessions is to limit sshd access by group and user. In your sshd.conf you can limit ssh access to any one or number of users and groups. Personally I only allow sshd access when the combination of both user=saint and group=ssh is true, and ensure that the user saint is a member of the ssh group.

It's largely unnecessary overkill for an ssh receiver that never touches the open internet, but these things are good practice and so easy to deploy that you might as well.

For your ssh you can also use google-authenticator-libpam to add time based codes to your ssh login.

​

On debian/ubuntu:

sudo apt update && sudo apt install google-authenticator-libpam

google-authenticator

Do you want authentication tokens to be time-based (y/n) y [...] Do you want me to update your "/home/dugite/.google_authenticator" file? (y/n) y [...]

You will see a QR code/secret key that you can scan with a TOTP app like andotp, authy or google authenticator (WARNING Google authenticator has no backup options). There are also your emergency scratch codes.

​

In /etc/ssh/sshd_config Add:

# Use Challenge Response Auth i.e. TOTP ChallengeResponseAuthentication yes # Require both publickey and TOTP AuthenticationMethods publickey,keyboard-interactive

​

In /etc/pam.d/sshd

# Comment out Standard Un*x authentication. # @include common-auth # Load the google TOTP Authentication module auth required pam_google_authenticator.so

​

I made this a blog post

When you enable 2FA again switch to Authy.

2FA codes are synced to the cloud, encrypted and accessible with a backup password.

https://play.google.com/store/apps/details?id=com.authy.authy

I had been using 2FA with andOTP for ages. I was thinking about writing an app to do this, in Electron too. Now you've done it /u/j_l-w I won't have to. On a side note this is what I discovered independently back in December 2018.

The reason I use andOTP and not Authy is because that is proprietary software and not open-source. I also don't install Gapps and I run LineageOS on my phone.

How

I looked at /data/data/au.gov.dhs.centrelink.mygovauthenticator/files/sharedSecret however that file is encrypted. When I did an internet search for the filename of the other file in there, myGov.ks I found a de-compilation of the app was returned.

To get around this I had to get a copy of the encrypted secret before it landed on the phone and the app encrypted it. To do this:

1. I performed a Man-in-the-middle attack on myself in order to strip the encryption off the TLS session (ie peek inside the https). I used Charles Proxy. Video here and configured a HTTP proxy on my phone. This is a HTTP proxy which issues a different certificate that I hold the private key for. That means I can look inside the https encrypted requests. The HTTP proxy handles the connection to MyGov.

2. I was able to add a new root certificate on an old phone which I plan to erase afterwards. It ran Android 6.0 so it was easy. If you’re not using an old phone you should make sure you remove the certificate authority afterwards.

• I could have used the Android Emulator instead of a phone if I didn’t have an old one. Note in Android 7+ developers have the option of preventing you from using user certificates but adding the certificates to the root store will bypass that. Another method included Intercepting HTTPS Traffic from Apps on Android 7+ using Magisk & Burp fortunately I didn’t need to do that either.

• The MyGov app at this time doesn’t employ a network security configuration. They also aren’t using certificate pinning either.

• There are ways around that such as SSLUnpinning_Xposed. This will work as long as they don’t decide to get their app to ‘check for root’, although there are ways to hide root using Magisk should they do that in the future.

• The system that MyGov uses on their back end seems to be IBM’s api_client_totp.

• I observed that api.my.gov.au returns a json file ie <code>https://api.my.gov.au/authbiz-ext-sec/api/v1/authclients/{{client_id}}/totpcredential.json</code> which contains the base64 encoded secret.

• I then converted this to base32 (what andOTP expects) and added it using SHA512 hash. The command I used for converting to base32 was (on my Linux system). The sed portion simply removes the new line: echo "base64 encoded SECRET" | base64 -d | base32 | sed '/^/{N;s/\n//;}'`

It works great, now I don’t need to use the MyGov app and I am free to use andOTP or whatever I want on my new phone that isn’t Android or iOS. It would have been better if MyGov had implemented this with a QR Code.

What I discovered

However the “myGov Access - code creator“ will call home every time you open it as I said previously. You might be curious to know what is actually in this transmission.

This occurs after you’ve paired the phone with the MyGov account and received the shared secret. The app makes two HTTP GET requests:

• The first is to <code>https://api.my.gov.au/authbiz-ext-unsec/api/v1/meta/time.json</code> which returns the current server time in ISO 8601 format ie: { "serverTime": "YYYY-MM-DDTHH:MM:SS.sss+0000" } which I wouldn’t have thought was necessary as Android keeps the time up to date with it’s service NetworkTimeUpdateService, aka Network Time Protocol the way any computer does. There’s also NITZ which is a way of doing the same thing over the cellular network without the internet. That’s the way that old dumb-phones did it.

• The second is to <code>https://api.my.gov.au/authbiz-ext-unsec/api/v1/authclients/{{client_id}}/authappmetadata.json</code> your {{client_id}} is unique to the device you signed up with when you logged into your MyGov account with the “myGov Access - code creator“ This appears to serve no purpose as the authappmetadata.json only returns {} ie a .json file with no data.

A 2FA app is probably better? Something like Authy?

Authy to share 2FA

bitwarden to share passwords

Standard Notes to securely share notes or Google Keep (not so secure)

Besides Telegram, I also use Skype to quickly share small files / texts / links, note that you can't send stuff to yourself (like you do so with Telegram) but you can create a chat group which only has yourself and send stuff there.

* [Authy](https://play.google.com/store/apps/details?id=com.authy.authy)

* [Contacts Sync](https://play.google.com/store/apps/details?id=com.lb.contacts\_sync)

* [CPL](https://play.google.com/store/apps/details?id=ru.whatau.cpl)

* [Daygram](https://play.google.com/store/apps/details?id=net.saltycrackers.daygram)

* [Email](https://play.google.com/store/apps/details?id=com.easilydo.mail)

* [Files](https://play.google.com/store/apps/details?id=com.google.android.apps.nbu.files)

* [Fluid N.G.](https://play.google.com/store/apps/details?id=com.fb.fluid)

* [Google Pay](https://play.google.com/store/apps/details?id=com.google.android.apps.nbu.paisa.user)

* [List My Apps](https://play.google.com/store/apps/details?id=de.onyxbits.listmyapps)

* [Wynk Music](https://play.google.com/store/apps/details?id=com.bsbportal.music)

List made using [List My Apps](https://play.google.com/store/apps/details?id=de.onyxbits.listmyapps)

If decided to use a phone, look no further: https://play.google.com/store/apps/details?id=com.authy.authy

Authy 2-Factor Authentication

Nova Launcher

I use Authy, which has secure cloud backup in it.

https://play.google.com/store/apps/details?id=com.authy.authy

Make dure to either disable 2FA before wiping or have those backup codes that are created when you enable 2FA on that account somewhere safe (which you should have).

In the future, you could enroll the 2FA in an app which allows secure backups of the secret keys (ie: Authy, andOTP).

Some password management apps like LastPass (easier) or KeePass2Android (IMO more for advanced users) can also deal with that, but you'll be basically putting your eggs in the same basket, which might not be a good idea depending on your threat model.

Backup your authenticator by using Authy. Better than googles own: https://play.google.com/store/apps/details?id=com.authy.authy&amp;hl=fi

Can't agree more. Constantly flash ROMs on my phones. Have been using Authy for the longest of times.

https://play.google.com/store/apps/details?id=com.authy.authy&amp;hl=en might work as well...

I use Authy. Same thing as Google Authenticator, but Authy makes it easier to transfer your 2FA account to a new phone.

Or even better use Authy, which works for many different two-factor sign ons and works offline.

https://play.google.com/store/apps/details?id=com.authy.authy&amp;hl=en

What about Authy?

What about Authy?

I'd recommend Authy over Google Authenticator.

This sounds awesome. Do you mean this app? If I install it, do I need to have Google's Authenticator app installed also?

Google Authenticator? What is this? the 90's?

Use Authy, after losing my codes for the 3rd time, I searched for a solution...

Google doesn't even try to improve their Authenticator RIP

This is both good and also could be bad as long as your attention to keep that "single" email safe because once hacked, all accounts tied to it would be gone that you're creating a bottleneck for hacker accounts while easing your job to handle different emails.

Steam's and B.Net's stubbornness to use their own Authentication aside, many Sites, Gaming Accounts and lot other use 2FA Authentication yet compared https://play.google.com/store/apps/details?id=com.authy.authy, Google Authenticator is weaker as Authy allows Multiple Devices for Code generation as well as Backups to recover which none of them present for Google Auth.

While you're at it, also install https://play.google.com/store/apps/details?id=ru.org.amip.ClockSync (or another doing same thing) as 2FA are time dependent and not all Android devices are syncing properly to match those services time as using 2 Samsungs and 1 LG to find their time within same location can mismatch by seconds to resync by that app to get correct 2FA codes.

In addition, you can also use https://lastpass.com/misc_download2.php and rotate your passwords from time to time to add extra layer of security as you should also put Screen Lock to your phone to intercept unwanted manipulation.

Switch to Authy instead of Google Authenticator.

or use Authy.