Hacker News

> apparently the Google Authenticator doesn’t back something up.

This is widely known and IMO a very good argument to use a different TOTP/2FA app than Google Authenticator. There's plenty out there.

Personally I use Bitwarden pro, which lets you add TOTP keys directly to the account you're using it for, integrating it into the login-process. Very smooth.

And it syncs/backs up across all my devices.



One could say you shouldn't store the 2FA along with your password.


Not the parent, but I look at it this way…

Something I have: the database file.

Something I know: the master password to that file.

I figure the spirit of the advice is preserved for the most part. (Doesn’t keep me awake at night, anyway.)


But 2FA on a phone had been awkwardly okay. Could be because it's just too silly that adversaries can't take it seriously, but it's been okay.



