It’s time for me to move from SMS to a 2FA Authenticator app. I want something that will be open source but also ridiculously easy to back up, transfer to a new device, or replace if it is on a device that fails. I want it to be versatile enough to use across all necessary authentications. I also want to be sure that I can use the same app for many many years. I don’t want it tied into another service.
What’s my best option?
I’m using pass, the Unix standard password manager. While the original application is just a. shell script, gpg and git, it seems to have evolved more into a standard structure of encrypted files that any applications can use.
On UNIX I use gopass, on my phone I use Password store together with open keychain.
Benefits: completely self hosted, well known and robust technology, easy for developers to make applications or even just read the files youself
Cons: Need to setup and maintain gpg keys. Applications I’ve used so far seem geared to more technical people. Setting up a new device requires copying gpg keys or generating new ones and add the public key to your vault. Last I checked, no viable IOS client.
Depending on your view this can be either pro or con, but you can store your 2fa and password in the same repo, all protected by your gpg keys.