Aegis or 2FAS. If you want more security, 2FA is better off as a separate app than used together with a password manager.
Why is it better being separate? Password managers are encrypted.
@NazmusLabs One day you wake up in the morning and see that the password manager you were using had a data breach, and not-so-good people got all your account information along with the user name, password and the 2FA code. That's why using two separate apps is always a good idea.
I hope you understand.
@washimkhandakar That wouldn't be an issue, because password managers are encrypted. Even with the data breach, the hackers cannot get any data, because the way encryption works is that the data is just unreadable unless you know the master password.
And the master password is not stored anywhere. They use a technology called salting and hashing, which means it only knows if you got the password correct but doesn't know what the actual password is.
LastPass at one point, I believe, had a data breach and not a single password was revealed!
May Allah (S.W.T.) bestow upon you His Blessings and Guidance; Ameen.
@washimkhandakar My PM is only on my device, thus not affected by a data breach. But even if there were a breach, the password DB is still encrypted. Complex passwords can take thousands of years to crack by brute force.
Android's Aegis is the best. It's free and open source, and it doesn't connect to the internet. And you can store a backup file where you wish, in case you lose your phone.
I personally went with Ente's Auth, which works pretty well as a drop-in replacement, after using Aegis for a few months.
Aegis was fine, but it feels a bit too dated to me. It's not bad, it's the standard (in terms of what people recommend AND what every app has an import option available for) for a reason. But it feels dated, and I don't need most of its customization.
Currently also looking at Bitwarden's new standalone 2FA app though.
What if you lose your Android? Could you still get into your account, or what steps would you have to take?
@pipesinto I would recommend using "Ente Auth" instead. Give it a try.
@pipesinto Aegis has a backup file which you should save somewhere outside your Android device; the backup file can be encrypted with your Aegis password so only you can see it.
I would also recommend "Ente Auth". Unlike Aegis, it stores your 2FA codes in the cloud; it is end-to-end encrypted so only you can see the codes, and if you lose your Android device, you can just install Ente Auth, log in, and you will get your 2FA codes back from the cloud.
I hope I have cleared any doubts you had. Any questions, feel free to ask.
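The comments above about a breached but encrypted password manager ("salting and hashing", "the master password is not stored anywhere") and about Aegis's password-encrypted backup file both rest on the same mechanism: a salted key derivation function turns the master password into an encryption key, and only the salt and the ciphertext are ever written to disk. Here is that mechanism as an added example in Go. It is not the code of LastPass, Bitwarden, Aegis or any other product named in the thread; the vault layout, the choice of PBKDF2-HMAC-SHA256 with 600,000 iterations and AES-256-GCM, and the sample otpauth entry are all this example's own assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Vault is everything a breach hands the attacker. The master password and the
// key derived from it are never written. (Layout, KDF and work factor are this
// example's assumptions, not any product's real format.)
type Vault struct {
	Salt       []byte // random per vault, stored in the clear
	Iterations int    // KDF work factor, stored in the clear
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // encrypted entries, GCM tag appended
}

// pbkdf2SHA256 is PBKDF2 (RFC 8018) with HMAC-SHA256: every master-password
// guess costs the attacker `iterations` HMAC computations.
func pbkdf2SHA256(password, salt []byte, iterations, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	var out []byte
	var idx [4]byte
	for i := 1; len(out) < keyLen; i++ {
		binary.BigEndian.PutUint32(idx[:], uint32(i))
		prf.Reset()
		prf.Write(salt)
		prf.Write(idx[:])
		u := prf.Sum(nil) // U_1 = PRF(P, S || INT(i))
		t := append([]byte(nil), u...)
		for j := 1; j < iterations; j++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil) // U_j = PRF(P, U_{j-1})
			for k := range t {
				t[k] ^= u[k] // T_i = U_1 xor U_2 xor ... xor U_c
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// aead derives the AES-256-GCM instance for a master password and salt.
func aead(master, salt []byte, iterations int) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2SHA256(master, salt, iterations, 32))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts the vault contents under a fresh random salt and nonce.
func Seal(master, plaintext []byte, iterations int) (*Vault, error) {
	buf := make([]byte, 16+12) // 16-byte salt followed by the 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	salt, nonce := buf[:16], buf[16:]
	gcm, err := aead(master, salt, iterations)
	if err != nil {
		return nil, err
	}
	// The salt rides along as additional data so it cannot be swapped unnoticed.
	return &Vault{salt, iterations, nonce, gcm.Seal(nil, nonce, plaintext, salt)}, nil
}

// Open re-derives the key and decrypts. The GCM tag check is the only thing
// that tells a right master password from a wrong one; no hash of it exists.
func Open(v *Vault, master []byte) ([]byte, error) {
	gcm, err := aead(master, v.Salt, v.Iterations)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, v.Nonce, v.Ciphertext, v.Salt)
	if err != nil {
		return nil, errors.New("wrong master password or corrupted vault")
	}
	return pt, nil
}

// BruteForce is the breach scenario: the attacker holds the Vault and a word
// list. It returns the recovered password and how many full KDF runs it cost.
func BruteForce(v *Vault, guesses []string) (string, int) {
	for n, g := range guesses {
		if _, err := Open(v, []byte(g)); err == nil {
			return g, n + 1
		}
	}
	return "", len(guesses)
}

func main() {
	// Constructed demo entry; the master password here is deliberately a well-known phrase.
	v, err := Seal([]byte("correct horse battery staple"), []byte("otpauth://totp/Example:alice?secret=JBSWY3DPEHPK3PXP"), 600000)
	if err != nil {
		panic(err)
	}
	fmt.Printf("leaked to attacker: salt=%x iterations=%d ciphertext=%x\n", v.Salt, v.Iterations, v.Ciphertext)
	pw, tries := BruteForce(v, []string{"password", "hunter2", "correct horse battery staple"})
	fmt.Printf("word list recovered %q after %d KDF runs of %d iterations each\n", pw, tries, v.Iterations)
}
```

What BruteForce shows is the caveat behind "the data is unreadable without the master password": a breach does not break the encryption, but it does let the attacker guess offline, paying one full KDF run per guess. The "thousands of years" estimate in the thread therefore holds only for a master password that is not in anyone's word list; the iteration count only multiplies the cost of each guess.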
Thank you, Leo.
I have tried a couple of authenticators and finally (at least for now), have chosen Aegis.
Aegis is my favorite. Open Source, and not tied to a password manager.
"Smartphone only." "Well, my ONLY smartphone is suddenly unavailable for any number of reasons, and I'm SOL." I gotta have backups of backups, myself.
One more BIG vote for Aegis on Android.
I am way younger than you and I will tell you one thing: all this rubbish has got out of control; all I want is to opt out of this stupid digital world.
You and many others have a non-digital lifestyle. It's very possible, and I like that you shared that. If needed, you can have a very limited digital life too, if you decide to.
I get mad when buying something at a store and being asked for a digital tap-and-save coupon. 🤬 Just hold up your flip phone 😃 and show the paper flyer.
My digital TV uses a rooftop antenna; that saved $15,000 in the last 15 years.
Ente Auth for desktop & mobile, or 2FAS.
You don't recommend the Microsoft Authenticator app?
I don't think that Microsoft Authenticator by design supports synchronizing TOTP keys across multiple mobile devices.
It's spyware.
Thank you! I had no idea the code changed every 30 seconds. Good to know!
So you did not recommend a free solution that has apps for all 3 desktop platforms besides web and mobile?
And no, this question is very obvious, since there is basically just 1 out there that meets the criteria.
My problem: although 2FA is enabled on my desktop Outlook, I never receive a text with a 2FA code. Half the time, my alternate Gmail does not receive the code from Outlook. How the hell can I get the SMS texts with a code???
Another vote for Aegis on Android
Ente is really good..
Anything other than Authy is 👍
God, yes. Authy is a mess. I regret ever trusting them. Thank god the desktop app's discontinuation made me get off my butt and migrate to Aegis, and later to Ente's Auth.
Bitwarden's standalone 2FA app is also looking good, though it's very new and doesn't have many features beyond the bare bones yet, but I'm monitoring it because I trust them and it's looking good.
OK, I won't be one of those people who ask, "Why didn't you mention ____________?"
What I _will_ ask is why you tend to disagree with those who think it's a bad idea to use your *password manager* for the 2nd factor. But I should first ask _why_ some people think it's a bad idea.
I'm hesitant, myself, because -- and you probably know where I'm going with this -- if someone gains access to my password manager, don't they also have access to the 2nd factor feature? And wouldn't auto-filling the code be a slight _additional_ security compromise?
Your video is timely, in light of recent FBI warnings against using _text_ for two-factor authentication. I seem to recall it wasn't _your_ first recommendation either, in an earlier video, though you liked it better than email in terms of security.
Like you, I want something that's available on both a mobile device and my desktop computer, and since I already use _Bitwarden_, I'm considering enabling its built-in 2FA option. I have a strong master password, so maybe that's all the security I need?
My Facebook is locked due to two-factor authentication and I cannot open it, knowing that the identity verification step does not appear for me. It tells me: "We're sorry, but there's a technical problem with this feature. We're working to fix it."
Your statement that Authy is not compatible is incorrect; Authy is Mac compatible if it uses the M1, 2, 3 or 4 chips.
Aegis
2FAS
Passkeys are the only solution.
Yes, but they're not available on quite a few sites at this moment.
2FA apps are only as good as your phone; if you're a victim of a SIM swap, you're screwed.
Not true. A SIM-swap does not affect Google Authenticator compatible apps.
Authy's decision is not convenient to the user but is more secure and getting closer to the intent behind 2FA as "something you have". An app that can be replicated and used by many people in many places, at the same time even, is not "something you have". It's really nothing more than another password.
Based on your thinking, every device can be something you have, e.g. 2 YubiKeys so you won't lock yourself out, etc.
The mobile app will never pass as something you have on any security audit. It is just an inconvenience at this point. Why? Because you can use Bitwarden or 1Password the same way, only on your phone, so that argument goes out of the window for Authy.
Absolutely. It presents no problem to me to type in 6 numbers. Using the service of a password manager defeats the intent of 2FA.
Are you making the point that Authy is more secure because it is tied to needing the correct phone number, vs. simply a master password? It seems that LastPass doesn't require the same phone number; all you need is the master password as well as the password and email address of the email account. I am thinking that if you lose your phone, then it would be easy to restore LastPass on a new phone. Whereas with Authy you need to go and get a SIM card with the same phone number on it. I believe you can only add a new device with Authy if you have an old phone with the same Authy account on it, as well as the ability to use the same phone number.
@frixosfriedman7813 Convenience is at the opposite end from security. The easier it is for you to restore or clone, the easier it is for a bad actor to do the same.