I use this, a couple of tips: set up a fingerprint unlock so you don't have to type a PIN every time; and I advise not keeping your TOTP codes only in a phone app, you can save them in KeepassXC on your PC for example.
You can set up regular auto backups along with Syncthing to keep it safe. That's what I am doing, so as to store the file on multiple devices and in multiple locations.
I love Syncthing, so versatile. I don't back up the Aegis database with it, only because my TOTPs are already in Keepass and because Aegis is backed up by Seedvault already (LineageOS).
If both your password and TOTP code are saved in the same place, that’s a single attack vector. Saving your TOTP codes in Keepass destroys the second factor part of the protection.
Physically print out the setup QR codes, and keep them safe.
Old school, I like it. Of course KeepassXC can also show the QR codes :)
Keeping it on physical paper helps in almost all cases.
1 - It separates the backups from the internet, helping prevent security vulnerabilities from stealing your MFA codes. Cloud backups along with cloud passwords mean you would get caught up in any major data breach.
2 - It allows you to set up a new device without needing to have the old device. If you lost/broke your phone, then those local QR code exports are gone.
3 - People generally know how to keep physical things safe. You can put them in a bank’s safety deposit box, in a fire safe, or just in a folder in your desk. As long as they’re not also sitting near your passwords, they’re pretty useless to most people, and the likelihood that someone is going to physically try to swipe your account data is extremely low.
I have some of the NFC/USB sticks Token2 make.
Which are neat, as you can stick the seeds on there, then retrieve them so long as you have physical access and the passkey.