• Armored Pangolin@lemmy.dbzer0.comEnglish
      11·
      11 months ago

      Yep. Just download the Yubico Authenticator app. Your OTPs wont show up unless you tap your physical Yubikey to your phone’s NFC chip.

      Only downside is, the Yubico Authenticator only allows 32 accounts. So i have my most important accounts on there.

    • Lodra@programming.devEnglish
      4·
      11 months ago

      Bitwarden has been working well for me on iOS. It’s a paid feature though. $10 a year I think

      • Zekenator_von@lemmy.ml
        1·
        11 months ago

        Bitwarden has a 2fa function?i didn’t know it. But I don’t fully trust online apps for storing passwords though. A server can always be exploited

        • Lodra@programming.devEnglish
          2·
          11 months ago

          Bitwarden uses end to end encryption. This severely reduces the risk their infra is attacked. The encryption keys exist on your devices only so it’s impossible to read the server side data.

          The only real question is how much you trust Bitwarden as a company. Are they completely lying about E2EE to customers and auditors? If not, then Bitwarden is a good choice.

        • Lodra@programming.devEnglish
          1·
          11 months ago

          Oh and ya, it’s has a one time passcode function. Works great! It will even autofill into OTP fields… sometimes 🙂

      • picnicolas@slrpnk.net
        2·
        11 months ago

        You’re right about Apple. I hope the EU will force openness into the ecosystem. I’m also hopeful that open and free alternatives will continue to become more viable in terms of user experience; the switch to Lemmy from Reddit has been mostly painless.

        Thanks for the recommendations.

        Edit: Raivo is perfect for a dedicated Authenticator app in the Apple ecosystem. I’ll likely pay for Bitwarden instead as I want to support their great product.

  • driveway@lemmy.zip
    1·
    10 months ago

    Yeah, FreeOTP exports are broken. Can’t import them back to FreeOTP, can’t import them to another application. I’ve spent 2 hours writing a script to decrypt the export manually, the resulting codes are not accepted anywhere probably because ciphers are not written to the file properly. I’ve been going around restoring accounts for the past month. Fuck FreeOTP.