Yesterday, I accidentally removed an authenticator app from my phone. Fortunately, I have another copy of the app on a different device. It made me realize how easy it is to lock myself out of my accounts. Do you think it’s a good idea to create a Windows VM with an Android emulator on it and install copies of all my authenticator apps, this will not cause any security issues?

  • usrdefB
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    You should be backing up your secrets to some type of app like Vaultwarden or KeePassXC.

    And you shouldn’t need to VM host an android OS just to have a secondary means of authenticating. There are plenty of apps out there that support adding your secrets.

    Vaultwarden, Bitwarden, KeePassXC, or hell, a Yubikey 5 device and then use Yubikey Authenticator.

    • detalferous@lemm.ee
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      How do you back up your secrets? Do you have to do it at the time you first see them?

  • zandadoumB
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    why not consolidate your auth apps?

    i use selfhosted vaultwarden (with backups ofc) for everything, except for vaultwarden, which is protected by authy . and authy can be backed up easily

  • wally40B
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I self host Vaultwarden and when adding the QR, I add it to my free account with LastPass Authenticator app at the same time. Both back up so if my phone dies, I don’t lose the 2fa.

  • rglullis@communick.news
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Just use a sane authenticator app that lets you export the keys, and backup those safely.

    I’ve been using aegis which is available on F-Droid. Whenever I add a new “critical” account I make a backup of the data. That’s it.