I’m pretty happy with Aegis. AFAIK, it doesn’t work with any of the “push” style methods (Duo, MS Auth, etc), but I don’t care for those anyway. Easy to backup/restore, the backups are encrypted, you can lock the app behind a password/PIN and/or biometric lock, and it’s open source.

I use Aegis. Backs up to a password encrypted file.

File follows same as all the rest backup procedures.

Have a look at 2FAS. Open source. Works for me. 2fas.com

I use Bitwarden as a password manager and 2FA manager. I like that Bitwarden automatically copies the 2FA number after filling a password — if you want it to — so I just hit paste and it’s all quick and easy. It’s a lot of trust to put in one product/company, obviously, but I use biometric, FIDO, or ssh keys for critical stuff (at least where I have the option).

I also use Authy, in part because I used it for years before switching to Bitwarden. I liked Authy a lot but it was just less convenient than using Bitwarden. Also, a few sites — Twilio (Authy’s parent company) ones, specifically — seem to require Authy.

Passwordless is coming along but pretty slowly. So, definitely setup 2FA. Tech companies can’t seem to wait to switch to passwordless. Other types of businesses are super conservative about logins and probably won’t adopt it for a few more years.

I use freeotp++ on mobile and bitwarden for sites, where I have to log in >1 times per day.

Vaultwarden, and open-source upstream bitwarden client-compatible backend. Stores passwords, 2FA, and any secure texts.

Keepassxc on pc and keepassdx on android

You don’t want it to be ridiculously easy to back up, since that is an attack route. Anyway I’m happy with FreeOTP which is on f-droid.

I use ente auth.

It’s open source, keeps your keys encrypted in the cloud and lets you use it on all devices. Convenient to have it on my desktop and backup phone.

Yes, it’s not best practice. I feel the risk is greatest that some password hashes leak. I want to guard myself from getting locked out.

AndOTP is what I use… you can produce encrypted or unecrypted backups, and even if not ideal for sensitive/secure information, you can transfer unencrypted JSON easily to virtually any other app on PC or otherwise.

I’m using pass, the Unix standard password manager. While the original application is just a. shell script, gpg and git, it seems to have evolved more into a standard structure of encrypted files that any applications can use.

On UNIX I use gopass, on my phone I use Password store together with open keychain.

Benefits: completely self hosted, well known and robust technology, easy for developers to make applications or even just read the files youself

Cons: Need to setup and maintain gpg keys. Applications I’ve used so far seem geared to more technical people. Setting up a new device requires copying gpg keys or generating new ones and add the public key to your vault. Last I checked, no viable IOS client.

Depending on your view this can be either pro or con, but you can store your 2fa and password in the same repo, all protected by your gpg keys.