
For example, using the Bitwarden app on Windows and then Aegis on your phone. The safer model would be to use different devices for TOTP and your password. There is already a case where a BW user was infected like this, his account was hacked and you can read that on the Bitwarden subreddit here. Read the news here: Android malware can steal Google Authenticator 2FA codes | ZDNet. Should your device be infected by malware, it can steal your TOTP. Keep in mind that 2FA or TOTP is not bulletproof. Should someone be able to access your secret key or TOTP QR code, he can generate the same TOTP as yours. You should store the TOTP secret keys separately from your passwords. I use Authy most of the time, back up the TOTP online, and link everything with my phone number. It will defeat the purpose of creating the TOTP itself. I am not a fan of putting both TOTPs and my passwords in Bitwarden. If you are on Android, Aegis is also good since it can back up your TOTP somewhere else.

On mobile: Authy, available for both iOS and Android. I think I should answer some of the issues above:
