Comment on Authy got hacked, and 33 million user phone numbers were stolen

<- View Parent
9point6@lemmy.world ⁨4⁩ ⁨months⁩ ago

Well yes, the most secure way would be a single source of OTPs, however I’m happy to compromise that slightly for convenience. Having 3-4 devices with access to the OTP database isn’t a huge increase in my attack surface. An attacker would still need to steal one of my devices, rather than one specific device. Those devices would also naturally be protected by additional factors.

I understand I would have to handle the syncing of the database for aegis, I was more curious if you knew of other clients that could use the same database format on other platforms.

I’m very aware it’s a bad idea to keep your OTPs in the same database as your passwords (and in fact already make use of keepass). I would probably not even sync the databases using the same mechanism

Bitwarden/vaultwarden does seem to be the front running option if there aren’t suitable clients for reading an Aegis database on other platforms, and I’ll just ignore the password manager aspects of it even if that means it’s a heavier solution than I’d have preferred.

Thanks for bearing with me on this

source
Sort:hotnewtop