Hey!
I basically want to replace the Google Authenticator app in style and functionality:
- List all TOTP tokens and their validity time (with a name and order I decide).
- Allow me to periodically or on change back up the whole thing to some off-site storage, keeping the last
Nbackups. - Have a native app for Android or an actually good PWA.
- Don’t do magic bullshit like fetching icons, hide tokens, etc.
- Be actually secure (i.e. don’t roll your own auth)
- Just be a TOTP manager, and nothing more! No, I’m not interested in a password manager, thank you. I also don’t want any other OTP methods I don’t use.
- Don’t be a one-man projects where the availability is not clear in >1 year.
Any experience is welcomed. Thank you!
To keep your two factor codes and passwords separate in the event that your password manager is breached.
Also if you need a 2FA code to log into your password manager, how are you going to get it if its in the password manager that you can’t log into without the 2FA code inside it?
Fair enough.
I decided against web/network-based password managers for my personal needs since the additional attack surface is a concern. A Keepass database file synced across machines strikes a good balance for me (requires password + keyfile to open). It’s also simple to backup and protect.
So yeah, for you use case, I’d recommend Aegis Authenticator.