Also I am trying to reduce the number of sites that I use Google Authenticator app with. If you ever swap phones it’s a hassle to access your account again.

@darnell Yes, Google Authenticator sucks, but 2FA is a standard so you don't have to use it even for a Google account.

I've been using andOTP for several years and I'm very happy both with the UI and the secure backup/restore features:
#andotp #android #security

@codewiz Thanks! If I ever buy an Android phone that will be blessing. Many sites now present me with the option of sending an SMS, using email or (the smart ones) realize I am using multiple mobile devices & will have me confirm via push notification on one of those (iPhone, iPad or Apple Watch).

However, there are a few that were a nightmare to navigate around, & I had to have tech support disable the Authenticator login after swapped phones.

@darnell @codewiz

Another option is to switch to a hardware 2FA device, that you can put on your keychain.
I find it both the easiest and most convenient to use and it is by far the most secure 2FA method.
(I use a YubiKey

@JonathanTreffler @codewiz I remember Google trying to sell these to me but at the time the places I needed them were beyond my control (other services that I use). My job also uses them but they only hand them to certain individuals.

@darnell @JonathanTreffler Yubikeys are quite expensive... I don't understand why nobody undercuts them by selling an equivalent product for $5.


@codewiz @JonathanTreffler Yes, they are expensive! But it might be worth the cost.

Right now I am relying on a mixture of 2FA over SMS/Push Notifications & Face ID for security.

I still think it’s crazy & hilarious that I can use Yubikeys for my iPhone 📱 & (theoretically) Apple Watch ⌚️ but not for my iPad Pro.

Sign in to participate in the conversation
Darnell (One)

Just a personal instance of Mastodon that is intended for one person. :-)