If possible, you should avoid this option and opt for an app-based solution. Some services might send you one-time codes via SMS messages. Here, your phone might send you a prompt and ask you to confirm that it's you who wants to log in, all without forcing you to enter a code. There are other ways, and you might run into them when you log in to your Google account on a new device. When you log in to a service you protected via 2FA, you're prompted to enter your current one-time password, and the service authenticates you. This secret is used to generate new one-time passwords periodically. To achieve that, your preferred 2FA app saves a secret code (a hash) in a secure enclave within your phone. Most of the time, 2FA works in conjunction with one-time passwords (OTPs) or codes generated by an extra app, which is what we focus on here.
This ensures that even if your password leaks, a bad actor can't get into your account. However passwords stored on their server, and a hashed master password is also stored there (this is the main concern for me), also according to Exodus the app has trackers.Īs many here are well tuned in to privacy / security I would appreciate any thoughts or comments.SCROLL TO CONTINUE WITH CONTENT What is 2FA?ĢFA, or two-factor authentication, adds a second factor in addition to your password to the process of signing in to your account from a new device. However it is closed source.īitwarden: Open source. my airline frequent flier needs member number, name and password to log in). It is possible to set-up multiple field logins (e.g. The pros/cons I see are:Įnpass: Passwords stored off line, using any of a range of cloud servers to sync passwords. They both support TOTP (which I would like to have). They have both been independently audited, and seem to be actively supported. Both cover the full range of systems (I need Android and iOS, Linux Mac and Windows coverage).
So looking for alternatives I am tending towards Enpass and Bitwarden. When the plugin fails to insert the full password into a login then its not working.
I have been using KeepassXC, and the various compatible plugins and apps for password management.
0 kommentar(er)
