I use google auth for several forced 2FA sites and a few sites where what I am protecting is worth the hassle. One difficulty that quickly emerges is managing and finding the correct Totp in the long unsorted list.
It’s no big deal when you have 6 or even 10, but as it approaches 100 different totp strings, it does become a hassle.
2FA is great where it makes sense, but contrary to the rhetoric here, it is not without trade offs.
Owen
In case it's of help, Authy seems a much-improved UI over Google Auth, including searching, and sync between devices, so e.g. your tablet can be your back-up key if your phone dies, is replaced, etc.
No connection other than as a happy user.
Cheers,
Tim.
For a while google authenticator did not let you "export" (copy to another device) for "security reasons". Nowadays it does, not sure since exactly when. It also lets you search, so in these regards they are probably on par now.
Robert
For a while google authenticator did not let you "export" (copy to
another device) for "security reasons". Nowadays it does
i think this is probably good for some folk. though personally i am not
sure i want to consider two devices as endangered.
but as the list gets longer and longer, export as a backup mechanism is
tempting. though an encrypted blob a la hsm backup would be a much
smaller increase in attack surface than cloning.
as i get more and more entries in the list, i would love it being alpha
sorted. search requires that i adopt the fantasy that the iphone has a
keyboard.
randy