Authenticator App

I use Bitwarden (I know opinions are split when it comes to passwords and 2FA being in separate apps). But I like the convenience of it all being in one platform.

I also like Raivo, you can import/export them too.

You can set Bitwarden to require your master password for higher security logins. I keep a separate vault for work and personal things... Everything in my work vault requires it's master password to use them. The OTPs are useless without credentials, and you need the master password to get at those even when the vault is unlocked. YMMV but to me, this was "good enough" to ensure a separation of concerns between low and high risk.
- This is the first time I'm hearing about this feature and am interested. But I feel like it would be better to use a different password than your master for these higher security logins. The thought being that, if someone has access to your passwords, they likely have access to your master password as well, unless they had access to an already unlocked vault.
I use bitwarden and only put totp codes in it for “low risk” uses. Like say…a Reddit account.

Thinks like email accounts or ones associated to bank etc I keep in google Authenticator (not synced to the cloud)

I also keep a spare phone with the google auth totp codes loaded in case I lose my phone.

At the service level I also keep backup codes or use a yubikey when possible. So even MFA at the account level often has options, even if it’s “my phone is across the room and I’m too lazy, backup code time”
I also use Bitwarden both for passwords and TOTP. I secure it with password + Yubikey. Works well enough it seems! If I ever have any concerns I'll move TOTP to Aegis in a heartbeat though.

I have been using this https://github.com/beemdevelopment/Aegis Its great!
edit: I will add that 1password works well too. I use that for work

For iOS I use Raivo. https://apps.apple.com/us/app/raivo-otp/id1459042137

Same. Switched over from Authy recently and I highly recommend it!
The best!
I love the macOS clipboard feature.
That looks great! I won’t be able to switch though because I need it to work across everything, and sadly it doesn’t have web or Windows apps, which I would need for my day at work (since I can’t have my phone on me at work)

Authy for OTP, Bitwarden for passwords.

As long as my provider shows some concern for the sensitivity of the data I entrust them with, I’m good.

I use Bitwarden for both passwords and TOTP. So much easier than messing around with multiple apps.
- I trust Bitwarden but putting it all into one place still sketches me out. I only use their TOTP for low impact stuff where convenience trounces security, otherwise it’s Authy with device enrollment off, and on a yubikey.
Yeah, that's my setup as well. Tech-savvy people tend to have an all-or-nothing attitude to security, but at the end of the day, as soon as you take some extra precautions like using a keygen or activating 2FA, you're already taking yourself out of the massive pool of targets of opportunity that hackers go for.
Same here, though I'm starting to move my OTP over to Bitwarden as well. Way more convenient - as a developer, I spend a lot of time off my phone. Makes more sense to let Bitwarden manage those so I don't have to pick up my phone as often.

I'm also slightly distrustful of closed-source Authy, whereas Bitwarden is open source and audited for security by third parties.
- I didn’t even know bw could do otp?? I’ll have to look into that
- I can see how fishing your phone out for every login would get annoying! In my case, Authy works with my watch so my OTP codes are just a few taps away.
Same setup here, though since i'm on basically all Apple devices when iOS 17 public beta is out I'm going to switch to just using the built in manager. Supports two factor, and the main achilles for me was that I couldn't share passwords, but that's fixed for 17.
- I'll be sticking with Authy/Bitwarden for the near future since I float between devices of all types -- Windows, iOS, Android/ChromeOS... (Not that I mind. It avoids the whole "eggs in one basket situation").
  
  I am eagerly awaiting greater support for passkeys. Now if only enterprise apps could get on board with that!

Aegis for OTP, Bitwarden with backups from the subscription for passwords.

Aegis + Barracuda is a great combo. Would defiantly recommend

Aegis is a good one for Android. I use the totp field in my keepassdx database that I open with a password (or fingerprint) and my yubikey to store my auth codes. I use this with syncthing running on a raspberry pi so it syncs the password database across my phone and all my computers.

Edit: initially said keepassXC I meant keepassdx for the mobile app. Xc is the desktop version.

I was on Authy, but painfully migrated to Aegis. I keep a backup on my NAS just in case.

I think Authy was the better app, and good with it working on my PC, but Aegis is more secure so that won.

https://github.com/dani-garcia/vaultwarden with the official Bitwarden App/Firefox extension

Second this

I use Aegis, which automatically backs up with each change to the database to a folder that gets synced to a couple of different computers via syncthing.

For backup codes, I have a separate keypass database that's backed up to a couple of places. I thought about using Bitwarden for this backup, but having my 2FA backups in the same place as my passwords kinda defeated the point, IMO.

Anyway, this system has worked well for me.

I use andOTP but I didn't realize it wasn't in active development. I might give aegis a try. I have a yubikey and once I get a second one I may move everything to that.

I switched from andOTP to Aegis when I found out about the development and I actually like it more! I was able to import all my saved credentials easily.

I use Vaultwarden server with the Bitwarden app for all passwords and 2fa keys in one app

Yubico Authenticator and Aegis depending on the importance of the account. I have a secondary Yubikey for quick access backups and a keepass database exclusively for my TOTP keys that I backup to my nextcloud server in real time with versioning. Similarly, I backup my Aegis backups with the nextcloud app.

Yubico Authenticator + nfc yubikeys

Only downside with Yubikeys is that you can't really have backups. The solution is to have two of them, and add the 2FAs to each of them every time you sign up for a new account. It does mean you pretty much can't have offsite backups though.

Personally I keep a USB-A with NFC one on my keyring and then a UISB-C one at my desk, which covers every device I have.
Exact same setup!! I have 2 keys, one on my keychain, one in my safe! My totp is thru yubico authenticator, and some are in aegis
Same. It's just soo convenient

2FAS, because it's fucking beautiful (UI, dark mode, lovely site logos). It has a couple backup options. Also using Bitwarden (paid feature) for less important sites; it's quicker but I prefer my 2FA truly separate from passwords.

Link for anyone else: https://2fas.com/

Thanks for the recommendation, I had not seen this project before and it looks fantastic.
This looks great! Was going to give it a try, but it doesn't pull in the service name when importing from Aegis. I don't want to try it bad enough to manually edit every entry. Lol.

Another vote for bitwarden. They have self host options. I use vaultwarden to self host it.

I use andOTP, but will soon be switching to Aegis as andOTP is no longer updated.

I used Bitwarden for a while because I liked having everything on one app. A bug with their service made me spent a day without my 2FA codes, and if your subscription fails to renew by accident they also lock the codes. Noped right out of there.

I now use Google Authenticator. Nothing special, not going to be the favorite comment on a privacy community... But it works, is free, syncs across devices, is guaranteed to work well on Android. Super simple.

You can use custom Vaultwarden instances for unfettered access to Bitwarden 2fa for free, I host an instance myself

andOTP for me

I will second this. Liteweight, does only what you need. Bonus points for being on F-Droid.

Aegis on my phone and also Keepassxc on desktop.

Freeotp+

iOS now lets you authenticate from within the OS. This is super convenient in the Apple ecosystem, though I’m not sure if it’s the best for security. I do keep my iCloud now fully encrypted.

I use Aegis for important apps and store all non-critical ones in vaultwarden. It's a good trade-off in my opinion of having the convenience for less important things but still be secure and not having a single point of compromise for my critical, sensitive apps.

I use aegis for totp which has automatic backups to android cloud (Google Drive but only accessible for the app that created the folder) and for important accounts that support it I have a yubikey as well

My passwords are saved in vaultwarden

I usually just use KeePassXC, which is open source and self hosted (kinda). It's synced over onedrive, though something like syncthing would work fine too.

No backups per-se, but onedrive should handle accidentally deleted files, and the database is on a few machines anyway so the chances of anything permanently happening to all copies are rather slim.

Started with self hosting Vaultwarden

Moved onto an annual family subscription to Bitwarden

@daFRAKKINpope
What made you switch?

Raivo OTP for iOS. Open-source and allows easy exporting for backup or migration. I previously felt stuck on Authy but used Raivo's migration guide.

I was going to mention this as well. I went from Google, to Authy, to Raivo OTP and never looked back. Their sync system is great too.

They have a website too with more articles as well https://raivo-otp.com/
Another upvote for Raivo!
This is exactly what I’ve been looking for! Thank you so much.
- No problem!

An nfc enabled Yubikey so I can use it with my phone and computer

@workinkindofhard @MenacingMight definitely my favorite security tool, I just need to buy a 2nd copy in case I lose mine
Same here. I have two keys (one as backup just in case). I just wish more stuff would support FIDO2 so I don't need to have as many TOTP keys (since apparently there's a limit on how many TOTP keys it can store).
- I have 2 yubi keys for the more important systems and store the rest in bitwarden.
  
  With your 2 yubi keys, is it possible to set one up as a clone of the other? I've been manually adding to both keys but that's a pain when I don't have the backup with me.

Keepassxc Database with keepassxcxc and yubikey :)

The Moment i learned that i can use totp with keepassxc killed aeges for me :)

I've started using Ente Auth, I like it's design and how it shows you the "next" code in case the current one is about to expire. It's on F-Droid

Aegis on Android, Raivo on iOS

I use Google Authenticator with no backup. I religiously store my backup codes in my password manager. I'll probably switch to a different app soon, since I'm not a fan of the recent Google Authenticator changes.

After my Authy fiasco, I use Authenticator Pro, Zoho OneAuth, and Microsoft Authenticator.

Auth Pro is my main. The other apps are for redundancy.

I use keepass (yes, i am fully aware having the password and second factor together is bad). The only defense i have is that my database is never uploaded to the cloud and is synced either via flash drive or syncthing. Also my master password is over 20 characters with lower, capital, numbers, and symbols.

Another one with almost the same setup here (but with keepassXC)
I have the same setup. But you can avoid the risk of both being in the same place by having a passwords only DB on your pc and a TOTP/Auth only in your phone (or also in PC but with different master pass and usually closed)
- Yeah, I currently do something similar to this. I'm actually thinking of getting a pair of physical hardware keys/authenticators. That way I can toss one in a safe deposit box, if I should randomly end up dead while climbing a mountain pass.
Well, TIL it’s not a good idea to have passwords and 2FA in the same place. I use 1Password and have had almost all my 2FA’s in there since they added support for it.

The tried and trusted aught and bitwarden combo.

I usually use authy for 2fa and bitwarden for passwords

I use Authy. Its fine.

I also use Authy, it is also very handy having it handle backup on its own and also having easily 2fa from my PC is a killer option

That said, I want to move to a local and OSS one for a long time, but I'm too bored to move so many accounts..

Currently EnPass which I sync via Google Drive across all my devices, but I'm in the process of migrating to VaultWarden (self hosted) which I'll access remotely via Wireguard if I need to when I'm out and about

i used enpass for a long time; when i first got it, it was the only one that supported putting your store in someone else's cloud, not theirs, and that supported windows phone(!)

obvs time has passed; 'other people's clouds' is common and winphone is long since being a thing

I use Microsoft Authenticator. I hadn't looked into open source options at the time when I needed one and it was the most immediately apparent alternative to the Google Authenticator on the Play Store.

I use Microsoft Authenticator for work because of its integration with Microsoft 365. I hate the new "here, enter this two-digit number in the Authenticator app on your phone" pop-up, though I do understand the reasoning behind it.

Outside of work it's Authy, though.
I use Microsoft Authenticator as well - I’m on iOS and it’s the only app I found that has Cloud Sync which comes in really handy when I change phones.

I believe iOS Passwords also supports OTPs but the UX of the passwords app always felt a bit clunky to me.

I use Aegis for 2FA and keepassdx for password management. Syncthing keeps everything synced across devices without any effort on my part.

I use both Aegis and VaultWarden (self-hosted). Both can be backed up locally or synced.

KeePassXC for me…

I know it's the "worst" option now (didn't when I was signing up), but I use Google Authenticator. So far no issues and haven't locked myself out

Same, I figure as long as they don't push me to use the cloud connected backup feature I'm ok. I also started backing up the totp keys to my selfhosted bitwarden as an extra measure on top of my regular NAS+rsync.net backups of the qr images

FreeOTP+ activates my almonds quite nicely.

https://github.com/jamie-mh/AuthenticatorPro

auto backup stored in nextcloud

I use the open source BitWarden password manager as a self hosted service and I am using its otp feature as it is really handy

https://github.com/tadfisher/pass-otp + Android Password Store with an NFC YubiKey

Aegis for 2FA and KeepassDX for password managment. Both encrypted and synced every now and then to an always offline hard drive/usb stick

I was on authy and am currently migrating to bitwarden. I also love ente Auth

Also using ente, but currently migrating from bitwarden (still good) to Syncthing (open source syncing folders between devices through encrypted often direct connections, no server) with KeePass.

1password for me, as I get a family account through my work, as we have a corporate plan and every employee gets access to a family plan as a perk. The family plan is separate and not accessible through work so no one gets access to anything private, it’s just a regular 1pass account we get for free basically.

I'm using Google Authenticator. It was recommended by Discord and FACEIT at the time. FACEIT didn't let me queue for any CS:GO matches unless I had it. I don't know if i have the option to switch, but if I can... should I?

You should, Google authenticator doesn't allow you to backup your codes, the main flow to extract then is to use a series of QR to immediately import them into another device, not as a backup.
Now, they recently implemented a way to upload them to the cloud, but AFAIK that backup is not encrioted, so you're giving them away at the will of Google.

Many sites/applications only say "use Google Authenticator" but you can use any another which supports the format. I moved to Aegis and it was super easy, you start the export flow and scan the QRs in Aegis.