Just switched from authy to aegis. Thanks!

Such a necessary video for people to watch in this digital age. Thank you!

Aegis had been my go-to choice. Glad it's among the best.

As always, thanks for keeping me more informed!

Really starting to love your channel I am an avid Authy user Most videos that trash authy are just plain wrong Your video is the first that not only was not wrong, but actually made me rethink some things. That means he not only were very accurate in your research but you also presented it very well. Props Most videos are so bad they suggest sms is better than authy

The best thing to do is to stop using your phone for this, if your phone get compromised it really doesn't matter how secure is the app you use.

Thank you for your constant focus on privacy. From a security perspective, I was disappointed that you even brought up a non-supported code base as an option for users. This video is not geared towards developers - but end-users who may or may not be slightly more than technically literate. Even serious developers often overlook security blemishes - and by advocating for a non-maintained code base you are opening them up to bad things down the road. Yes, I know you had a comment at the end about use at your own risk - but without the appropriate security background someone might not correctly understand what you are implying. Again though - thank you for your constant videos, and I watch regularly.

Re: Authy, I don't think it's enough but they've at least updated their Privacy Notice with effect Aug 10: "We clarified that we do not sell your personal information to, or share your information with, third parties for cross-context behavior advertising." Also I had trouble figuring out FreeOTP, or getting it to generate a token I could do 2FA with

Very few people give thoughts on privacy, if you are one, this video will make more sense

Another fantastic and informative video, Naomi. Thank you!

The sad thing is we're using Google's (Alphabet) to learn about privacy. I remember when most things could be forgotten. Not anymore. Thank you Naomi!!

In terms of Google Authenticator, it probably isn't surprising. Security is a tide that floats all boats and Google benefits from more secure Google accounts giving them an incentive not to mess it up. Microsoft is different because most people use MS Auth because they are forced to by work.

Naomi is the woman of my dreams. Good vid.

Thank you very much for helping me out to find a good and private solution for all my 2FA Codes. I started following your videos 2 weeks ago and you really inspired me to care more about my personal privacy rights. e.g. to change my 2FA App and to change my Cloud Space and to check what is really going on, on my Phone, Desktop and other Devices.

An immense thank you for all the work you're doing❤Keep going!!

great job with your video miss Naomi hope you stay amazing

Oh! my goodness. So much info to absorb for an older gentleman but wait.. that little finishing skit made ma laugh out loud. Thanks Naomi Brockwell.

In the case of Authy 3:15 the generic info collected is necessary for the app to function. This info enables Authy to be used on multiple devices, this being one of the great back up features of Authy. If you drop your phone in the toilet you can still Authy on your tablet or desktop.

love the vibrant colour suits you well

Gave up on those famous... Adopted 2FAS open source with local backup and optional DRIVE cloud synch

Thank you kindly for this awesome 411 😊

For Google, there is no need to use trackers in the android application, the entire android system is one big tracker for them.

I just spent an entire morning trying to access one of TWO licensed copies of Microsoft Word. In the painful and Byzantine path that Microsoft and Google set me on. It included a license fee for Microsoft Authenticator, and concluded with Microsoft's admonition to "try again tomorrow." I would wager that the average teenaged "hacker" could have donned its obligatory hoodie and broken the process in a couple of minutes. I, in contrast, probably stand a greater chance of breaking into one of Bill's Bunkers than of using Word anytime this month.

You're doing great work! I've longed for a channel like this

That’s a great overview! I would have loved to see the iOS build in 2fa password keychain in your list.

The Queen needs to give us a live.

I love your content, but I am loosing faith in the digital realm, the amount of hacks and privacy leaks recently is making me concerned. In Australia alone 4 major companies I have information with have have all been hacked and my personal data stolen...

2FAS is sensible with open source + offline and google drive encrypted with hidden folder backup. Nowadays I use alongside it that ente auth as well.

How about new Proton Pass in app 2FA stacks up with other open source 2FA?

Happy St. Patrick's Day, Naomi! ☘️

Thanks.. Very enlightening video... I was suprised about some of the apps like authy..... Time to ditch that one..

Thanks for your good work Naomi .

excellent content... appreciate the efforts

Its amazing how tech just keeps recycling old tech and calling it new, its like lessons never learned, I have lived long enough to be in the days of dongles, (security keys), pain in the butt but they did the job

Microsoft authenticator works like a charm.

did they had any comment regarding Apple's 2FA that is embedded in their keychain?

How do Ente Auth and Duo Mobile compare to Aegis and 2FAS?

I was waiting for this video 🎉❤

I can understand why Authy stores that data with a useraccount. If you switch to another device (Like you bought a new phone) you don’t have to set up all the 2FA settings again. Just use the same phone number or email address, enter the password you set up and voila, your 2FAs are back. But it’s not like Authy can do anything with that data, right?

I have stopped using 2FA on my accounts after nearly losing a couple of important old accounts which had reset on me at the same time I changed to a new phone. The whole back- and forwards compatibility, security process and recovery is poorly thought out.

Thank you for your Insight the authenticator issue has been a nightmare for me😢

How do you synchronise across multiple devices without providing your servers with information?

Thanks Naomi.

Thank your for your hard work. Please tell me your thoughts about CA AUTHENTICATOR and the possible ability for a company using this app to track employees.

What about YubiCos Authenticator?

Hey there, Free OTP doesn’t work with a well known VPN provider. So it may work with other apps but not all.

What about bitwarden?

Thanks Naomi - so thorough as always

Downsides of FreeOTP are, that you can't export the secure codes and that it's not locked by code or biometrics. 2FAS is my way to go...

microsoft 2fa is for me. dont mind the analytics. iam using the app for free anyway. they also have a good backup

We can't have nice things. Oh, Authy, I had high hope for you.

so when smartphone A is dead or stolen i must resetting up the login synch and can use the key which had been displayed beside the qr-code right? will just test. no need to restart synching from scratch?

Cant wait for Proton Pass to come out it has 2FA too since i cant trust the other apps that much but still i have to be careful of proton too u never know

What about an authenticator based on DES128 which is an extended version of DES64

Raivo on Mac/iOS is open source.

What are some secure authenticator apps ppl can use in 2024? I’m trying to switch off of Authy, and articles about this topic always recommend Google or Microsoft authenticator 🙄

How does Symantec VIP fit in? Is it collecting data?

I’d go with Proton Pass over of the above.

Had been using authy for its sync feature across mobile and desktop... but they are stopping the development on desktop so I guess I will switch to Aegis now

After doing the 2fa amazon is still asking me for my id card and an recent bill. I gave them my id but i dont have any bills to my name. What shoud i do?

Not exactly on point, but I've heard that once you save something on Google Drive it is there forever. Even though you may delete the files from your Google Drive, Google stores all of that information. If that is correct, is there anyway to remove all of those old files you have since deleted and moved to a more secure location?

I have a question: how are these security analysts able to find out what data is being sent? I would assume it's all done over an encrypted connection, so sniffing traffic is not the answer. They're running some sort of strace-equivalent on Android/OSX, and look at what write()/send() syscalls write to the socket?

I like this Channel.

I guess it's just me, but I find QR codes pretty useless on a mobile device. You have to have 2 devices to use them: one to display the QR code and another to scan it. I just copy the manual code, then open the 2FA app and paste it. Plus I can keep a separate encrypted file of the keys for recovery if the app gets deleted or corrupted or I get a new phone.

So what should I use for ios then?

great info thanks

What are your thoughts on using the 2fa functions built into 1password coupled with a security key?

Kosher Cat Authenticator, if it existed, would DEFINITELY be at the bottom of the list of choices. For obvious reasons....

aegis is the best authenticator

Good keep up ❤

What about Apple’s 2FA?

It's not true 2FA if you're running an authenticator app on the device you're using to log in. It is better to use a separate device for the authenticator app and keep it offline.

I like KeepassDX, aside from passwordmanager, it also supports TOTP

Good overview video, God bless.

how can we import items from Microsoft authenticator to aegis?

Thanks Asuka :D

Does this have anything to do with mail merge.

This is great! Thanks!

Are there also privacy-respecting 2FA apps for PC?

You can write your own in about seven lines of Ruby/Python.

Hi I'm Ariful Islam leeton I'm software engineer and software development and website development

Just because Google does not currently do stuff does not mean they will change their mind... unless they have already all that they need...

Why you don't mention OTPs on Yubikeys? is the most secure due are not tied to internet?

We need a way to easily quarantine an app and block all network traffic to it. Especially for apps that are able to run offline and have no functional need to have connectivity.

Don't download an app at all, just use the embedded solution in macOS/iOS no?

Any information on Duo Mobile?

What about the one built in Dashlane?

What about self-hosted passbolt?

What about Yubico's auth. ?

Well Authy actually earns their money from the companies using it.

God I LOVE ❤ this woman!

Really nice vid.

keepkey is essential... 2fa using sms, or google is risky & less secure in times.

I guess the only way to make sure that the open source code is what's on your phone is to build it from source yourself

Are you on Linkin?

2FAS is the app in the world 🌎

Bitwarden?

Maybe new services need to apply for IANA ports so people can block them without hesitation. Need to be FDA approved :)

The analytics should be removed but Authy does need to have phone number as a second factor to support the backup and multi device functionality. I think the risk of losing access to all my accounts because the device with my 2FA app breaks is greater than the risk from Authy knowing my phone number.

What about gnome authenticator?