Why most 2FA implementations are nasty and how to setup OTP Auth on iOS

Views: 22,204

Sun Knudsen

1 day ago

Comments: 83
@timothybracken1728 4 years ago
Just found your channel and I love your videos. As someone interested in privacy-related issues, I find your videos easy to understand!! Keep it coming.
@smgt412 4 years ago
If it's best to keep the password manager and authenticator on different devices, how would you then log in to things on your phone if you're out and about and not around your laptop/other device?
@sunknudsen 4 years ago
Great question Eddie. For most use cases, using OTP Auth on iOS is totally fine. The key takeaway of this episode is to not have the 2FA hashes (or private keys) on the computer. Having them on iOS is safer because apps are compartmentalized from the OS (which is not the case on macOS). For people with more sensitive use cases, I recommend using hardware solutions such as YubiKey, which stores the hashes on a little piece of hardware which computes the 6-digit tokens and then communicates them to iOS or macOS using USB or NFC. More on YubiKey in a future episode!
@smgt412 4 years ago
Sun Knudsen Ok good to know, thanks. Looking forward to future episodes!
@polgz2017 4 years ago
I thought I was doing all this alright, but... How are you supposed to log in on websites if you are on your phone?! If you put hard random passwords generated by your password manager (so you can't remember them), but you can't have the password manager on your phone, because that is your "other" device for 2FA... Must I buy a new phone just for 2FA?? Or what would be the correct way?
@_marcobaez 6 months ago
This is so amazing, just downloaded OTP Auth! :D
@ilustrado7291 4 years ago
Sun, could you help us set up our new YubiKeys please? Thanks in advance!
@sunknudsen 4 years ago
For sure! Will get there soon. Which protocols are you curious about?
@Erik-qo5pc 4 years ago
@sunknudsen Hi Sun, awesome series! It seems like you can use these keys as "app"-integrated 2FA or to generate a password like you are showing in this video. Can you give us an overview of the protocols and what is really useful for a private person? What safety aspects are to consider using these? Is it a good thing to use their 2FA password generator? And is this a standard of security that we will see more of in the future? And what about the "unlocking your Mac with the key" thing :) ?
@vincentchen1714 4 years ago
Do you recommend storing the secret password to OTP Auth in your 1Password?
@sunknudsen 4 years ago
Hey Vincent, great question... Short answer: no. Both the password manager and 2FA app should be as compartmentalized as possible.
@janellewoods834 3 years ago
Hi Sun, thanks for this awesome video! I'm a beginner and really appreciate your help. What do you mean by "leave a copy" at home or parent's place? Can you print that backup file? Do you share that file with trusted people? Thanks so much.
@KeineAhnung1996 2 years ago
Hi Sun, I really enjoyed your videos about hardware wallets. Those made me understand a lot more about Cryptoc. in general! I want to ask if you could maybe once talk about the technical aspects and your opinion about the Jabber protocol and maybe the off-the-record messaging option/plug-in. IDK if you have heard about this :)
@raskolnikov6347 4 years ago
How do you feel about Duo Mobile for 2FA?
@sunknudsen 4 years ago
I used to like Authy (similar to Duo I believe) but given the spec of TOTP is open source, many great open source (and more sovereign) alternatives exist.
@korrasmuscles 3 years ago
9:50 Could you post a tutorial on using this github project just in case we need to recover our accounts?
@trends-spotter 4 years ago
Sun, where were you before lol!! Just recently discovered your channel. Thank you for the wealth of useful info and no BS! Could you do an episode about an OS for the phone that would be good for privacy, if there is such a thing lol. I appreciate your reply!
@sunknudsen 4 years ago
Have you watched kzbin.info/www/bejne/inKziqFse6hoqpo I might try GrapheneOS in the future... and will likely share an episode on the subject. Stay tuned!
@sunknudsen 4 years ago
Thanks for the push btw!
@vincentchen1714 4 years ago
So if you got a new phone and wanted to set up OTP Auth on it, you can just use the same QR code or hash that you saved during the initial set up? Or do you just use the secret key to set it up on a new device with all of the OTP codes migrated over?
@sunknudsen 4 years ago
If both phones run iOS, I would back up the phone on my Mac and use that backup to initialize the other phone. Another option is to create a backup using OTP Auth, save it to the iPhone, move it to the Mac, plug in the other phone, move the backup to the other iPhone and restore the backup in OTP Auth.
@vincentchen1714 4 years ago
@sunknudsen Is your process the same as using the secret key or QR code though? Does the secret key serve as a backup to initialize a new device?
@salvatoretorcivia8840 3 years ago
What is the open source project you mentioned for decrypting your backup if need be?
@JonnyD000 4 years ago
Is there any reason you do not choose the open source apps FreeOTP+ or andOTP?
@sunknudsen 4 years ago
I really like OTP Auth on iOS... but haven't tried these alternatives. The feature that got me hooked is the backup feature which can be used to backup the hashes without relying on the cloud.
@salvatoretorcivia8840 3 years ago
You say to not use your TOTP app on the same device that you have your password manager, but I recall in your 1Password video you downloaded it to a mobile device, does this mean that you have a separate iPhone for TOTP?
@juanignaciocirera 2 years ago
Hi Sun, can you post a link to OTP Auth? Is Roland the developer? You repeat it three times in French but I still don't get the name. Goulan is Roland Moers, right?
@sunknudsen 2 years ago
Hey Juan, sure. apps.apple.com/us/app/otp-auth/id659877384
@daisytt 4 years ago
I have downloaded this on my iPhone. But I don't have a Mac, I have a PC. Does the backup still work on a PC? When I download the backup, I don't see any code but an empty file.
@mf4039 4 years ago
Hi Sun, regarding the backups mentioned in the video: I am an amateur with these things! I am not sure I understand exactly what these backups contain. Could you explain what the backups contain?
@sunknudsen 4 years ago
Great question! The time-based one-time password algorithm (which is what most token-based 2FA implementations use, see en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm) uses a hash (a random string) and the current time to derive tokens. The hash is one of the things devices store when scanning 2FA QR codes. Most apps such as Google Authenticator (at least last time I checked) don’t allow users to backup these hashes in a sovereign way (without relying on iCloud, etc...). That’s where OTP Auth shines (it allows backing up an encrypted version of these hashes which can then be stored on a Mac or any other computer).
@mf4039 4 years ago
@sunknudsen Hi Sun, thank you so much for your answer!
@derrick3532 3 years ago
Where do you recommend storing your authenticator's pwd? Or is it something you believe must be remembered in your head? Storing your authenticator's pwd in your pwd manager that uses your authenticator for login defeats the purpose.
@theoneD1 4 years ago
Hey Sun, how do you feel about "contactless payments"? like tapping your smartphone for transport fares, supermarket checkouts etc... will you be making a video on something like that? do you use it yourself and is it safe to use?
@HelvecioGomes 4 years ago
Hey, one question. If I use Signal as my SMS/message app, does it make 2FA more secure? Or does it not matter?
@glennbailey9746 4 years ago
Sun, your videos are brilliant! Bit of background for you: I used to love technology but in recent years I have been fighting back by avoiding as much of it as possible (I'm currently on an old LG flip phone) because I'm paranoid my smartphone (mainly) along with other devices are listening to me and I don't feel I can surf the net without everything I do being recorded. Your videos are actually making me feel very relaxed and I feel I can take control of my tech, so thank you very much. I notice you're an Apple man. I am a Windows and Android fan. Most of your videos I have been able to follow pretty easily. Some I have had more advantages with, but in others you have profited because of using Apple. In regards to using 2FA on an Android phone, I can't use OTP Auth. Is there anything else that you would recommend? Ideally something that I can use for my phone and laptop. Keep doing these videos, they are brilliant, professional and extremely clear to understand. This is coming from a complete noob who didn't even know how to copy and paste via keyboard till last week =p
@sunknudsen 4 years ago
Hey Glenn, thanks for sharing. I totally feel you on being paranoid (I also have a love-hate relationship with my iPhone). Happy to read this content is helpful. About 2FA, unfortunately I know very little about Android. Actually, you could probably use a YubiKey (although backups are an issue). I should publish an episode shortly on the subject. Stay tuned!
@jman6717 4 years ago
What would you suggest for Android, Sun? Great content, keep it up!
@shell11 4 years ago
I use my KeePass database on Android and on my computer (synchronized with Syncthing). I'd like to use Aegis as a 2FA app on Android but I'm not sure if it's safer than the current 2FA SMS setup. If I get Android malware, it could steal 2FA when Aegis is unlocked, and passwords when KeePass is unlocked. Or it could get both databases to perform an offline brute-force attack. I suppose that a SIM swap attack is less probable (for a normal user) than getting Android malware. What do you suggest? If I keep my password manager database on my PC only, should I back up encrypted Aegis tokens in a different location than my PC, in order to keep the two databases isolated? Sorry for the long question.
@eternalrain9233 3 years ago
Is there an Android equivalent for OTP Auth?
@azizkurtariciniz 3 years ago
Thank you for your great video! Really impressed by the quality, so I subscribed. Quick question. I'm using a Windows PC and it is where I mainly use the password manager. I also have an iPhone and I have to use the same accounts on my phone too. So should I manually log in to those accounts on my iPhone, or is it OK to have the 2FA app and password manager on the same iPhone?
@jish2008 4 years ago
Do you know an easy way to migrate from Authy to OTP?
@magmasunburst9331 2 years ago
I must have missed it. Is this app only for iOS? Also, if it's not, what's the name of it?
@sunknudsen 2 years ago
Yes, iOS-only.
@cyril6696 1 year ago
Hey Sun! Thanks for your work. I know your video is from a while ago but could you recommend a 2FA app for Android? Thanks a lot.
@ryaniglesias6381 3 years ago
Hey Sun, I just discovered your channel... all your videos and all topics are of interest to me. I will start watching all and "liking". Good job on this video. I use Authy now and have it on my desktop and iPhone, but after watching this I am not too sure anymore. I am hesitant about using OTP Auth as I am afraid it will go off of the Apple store (I am not techie enough to figure it out if it goes off). Which other authenticator would you recommend? You talked about Google Authenticator but not Microsoft Authenticator (or maybe you did in another video). Microsoft Authenticator has an iCloud backup available in settings.
@Bayranav 2 years ago
OTP Auth vs Raivo OTP??
@timothybracken1728 4 years ago
You were the only one that made a tutorial on how to use OTP Auth, thank you! What is the "secret" part when you try to set up an account? When you try to set it up via credentials instead of a QR code, it asks for a Secret, then at the bottom it says plaintext vs base32... what does that mean?
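Added worked example (not code from the video, from OTP Auth, or from any commenter) for two threads above: Sun's reply explaining that TOTP derives tokens from a stored "hash" plus the current time (in RFC 6238 terms that stored value is the shared secret key, not a hash), and the question about the "Secret" field offering plaintext vs base32. The script implements HOTP (RFC 4226) and TOTP (RFC 6238) with the standard library, decodes both secret encodings, parses the otpauth:// URI that an enrolment QR code carries, and includes the server-side check with a drift window. The enrolment URI in the block is constructed for the demo around the RFC 6238 test key "12345678901234567890" (base32 GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ), so the codes it produces can be checked against the RFC test vectors.

```python
"""TOTP as an authenticator app computes it (RFC 4226 HOTP + RFC 6238 TOTP).

Added worked example; not code from the video, OTP Auth, or any commenter.
"""
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse


def decode_secret(secret: str, encoding: str = "base32") -> bytes:
    """Return the raw key bytes behind the 'Secret' field of a setup page.

    base32:    the usual encoding in otpauth:// URIs and QR codes (case and
               spaces are tolerated, missing '=' padding is restored).
    plaintext: the characters themselves are the key bytes.
    """
    if encoding == "base32":
        cleaned = secret.replace(" ", "").replace("-", "").upper()
        cleaned += "=" * (-len(cleaned) % 8)
        return base64.b32decode(cleaned)
    if encoding == "plaintext":
        return secret.encode("utf-8")
    raise ValueError(f"unknown secret encoding: {encoding!r}")


def hotp(key: bytes, counter: int, digits: int = 6, algorithm: str = "sha1") -> str:
    """RFC 4226: HMAC(key, counter) -> dynamic truncation -> zero-padded digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), getattr(hashlib, algorithm)).digest()
    offset = mac[-1] & 0x0F                      # low nibble of last byte picks 4 bytes
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6,
         algorithm: str = "sha1") -> str:
    """RFC 6238: HOTP where the counter is the number of elapsed time steps."""
    return hotp(key, unix_time // step, digits, algorithm)


def parse_otpauth(uri: str) -> dict:
    """Decode the otpauth://totp/... URI that a 2FA enrolment QR code carries.

    The secret inside it is the long-lived key: anyone who copies the QR code
    or an unencrypted backup of this URI can generate the same codes forever.
    """
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not an otpauth://totp URI")
    params = {k: v[0] for k, v in parse_qs(parsed.query).items()}
    return {
        "label": unquote(parsed.path.lstrip("/")),
        "issuer": params.get("issuer", ""),
        "key": decode_secret(params["secret"]),
        "digits": int(params.get("digits", "6")),
        "period": int(params.get("period", "30")),
        "algorithm": params.get("algorithm", "SHA1").lower(),
    }


def verify(key: bytes, submitted: str, unix_time: int, window: int = 1,
           step: int = 30, digits: int = 6) -> bool:
    """Server-side check: accept the current step and `window` steps either
    side of it (clock drift), comparing each candidate in constant time."""
    counter = unix_time // step
    for c in range(max(0, counter - window), counter + window + 1):
        if hmac.compare_digest(hotp(key, c, digits), submitted):
            return True
    return False


if __name__ == "__main__":
    # Constructed enrolment URI around the RFC 6238 test key "12345678901234567890".
    demo_uri = ("otpauth://totp/Example:alice%40example.com"
                "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")
    account = parse_otpauth(demo_uri)
    now = int(time.time())
    code = totp(account["key"], now, account["period"], account["digits"], account["algorithm"])
    print(account["issuer"], account["label"], code)
```

Two practical points the code makes visible: the "plaintext" option only exists for sites that hand out a raw string instead of base32 (both paths end in the same key bytes), and the only secret-dependent state is that key, which is why a backup of an authenticator is exactly as sensitive as the QR codes it was enrolled from.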
@user-mm2xh3hq1z 2 years ago
I strongly think nowadays there are way too many security steps, so that having your bag stolen (with your phone and your laptop, as mentioned at 20:59) is an INCREDIBLY HIGHER RISK than needing 2FA everywhere. If your 2FA is put on the source of your accounts, AKA your email, then that's already PRETTY GOOD. I always had problems with too much security that stopped me from doing things rather than being hacked. Jee, how important are you that you need 2FA everywhere? Whatever 2FA auth you choose, make sure it's DEVICE INDEPENDENT. Again, as stated at 20:59, if you lose your bag you are DOOMED. That's waaaaaay more likely than having a keylogger installed on your computer that gets all the passwords you type.
@meposz 3 years ago
Is it possible to have 2 different 2FA apps (one on iOS and one on Android) for the same accounts (e.g. Reddit, Google, etc.)?
@DubMassTV 4 years ago
Wanted to add my +1 to the requests for a YubiKey video I see in other comments. Interested in your opinion of it in regards to opsec.
@mf4039 4 years ago
Hi Sun, thank you for making these wonderful videos! You are mentioning that you might talk about YubiKey in one of the future episodes. I know it must take a ton of work to produce these videos, but would you know 1) if you are going to do it? 2) If so, would it be in the near future? All the best and again thank you for making these videos.
@sunknudsen 4 years ago
Thanks for asking! The 2FA episodes are very important yet not popular at all. #1 For sure! #2 Currently working on a Linux/VPN/SOCKS v5 proxy over SSH sub-series. Perhaps after that. So many interesting topics to cover! 🤓
@mf4039 4 years ago
@sunknudsen Thank you for the answer, I am looking forward to that!
@mf4039 4 years ago
Can YubiKey be thought of as an alternative to OTP Auth? Do I understand that correctly?
@sunknudsen 4 years ago
Yes! The YubiKey stores the hashes and computes the tokens so it adds some level of compartmentalization.
@mf4039 4 years ago
@sunknudsen Thank you for the answer, truly appreciated!
@gavinblackford4219 4 years ago
Hi, just found your channel, love your videos. With 2FA, what are your thoughts on U2F like YubiKey?
@rs07scapeNews 4 years ago
I only use offline 2FA with an encrypted USB holding my .json file that I can import into my authenticator app on my Linux machine, and I always remove the 2FA info from my computer after logging into any accounts.
@sunknudsen 4 years ago
Hey Chris, looks like your setup is pretty secure. My personal setup is similar. I use Tails to scan the QR codes (using compartmentalization to mitigate backdoor vulnerabilities). Tokens are then stored on a YubiKey making sure the hashes are never accessed directly by macOS. I am considering putting together an episode on that setup in the future. The key takeaway here is that using two separate devices is the way to go!
@jjiacobucci 3 years ago
Thank you, Sun !
@froekenur 4 years ago
Hey Sun, do you use a demo password :) I can see what you're typing on the iPhone keyboard :) Anyway, great video, I like your style, you are clear and educational. Keep up the good work, your work makes a big difference!
@sunknudsen 4 years ago
Thanks for the heads-up and the push. Yes, demo hardware and software. Can't be too safe!
@theoneD1 4 years ago
@sunknudsen What if you turned on the lights and made the room brighter, would that avoid reflections off shiny surfaces, without compromising your home computer setup environment?
@THETRUTHOR 4 years ago
Hey Sun, Thor here on my actual channel I started for all things Sui Juris, Sovereign. Looking forward to sharing your channel with my audience.
@sunknudsen 4 years ago
Thanks for sharing the privacy guides!
@adamdittrichone 3 years ago
This channel is gold! Thank you so much and keep going. Just watched 70% of the videos and implemented most of it. What do you think about Enpass with one-time code as a 2FA app? I use this app as a password manager and 2FA auth.
@sunknudsen 3 years ago
Thanks for the push and that's a lot of privacy guides in a row! I recommend not using the same app (and device) for both password manager and 2FA. The best shot we have at privacy / security is compartmentalization.
@adamdittrichone 3 years ago
@sunknudsen Feeling super secure right now, thanks to you :D Have a wonderful day.
@DNH17 1 year ago
OTP locked me out of Amazon services due to an unbinding of the third-party OTP generating app, and now Amazon requires my personal ID or documents. This is unacceptable. Security leaving you out of the system is so badly designed in this case that it works against clients. Biometrics and so on is in no way acceptable. Personal data should not be shared nor can be required except by the Public Authority. They can't substitute for or play as the State. This is negative design. OTP is useless if one has very difficult passwords and also a secured e-mail account... It's incredible Amazon doesn't have an internal OTP generation app! It doesn't allow a recovery method, doesn't allow e-mail OTP sending (alternative), doesn't allow Double PASS as an option either... or even an option with an additional PIN, so PW + PIN. This is such a negative status. No way I am gonna send my ID!
@macster1457 3 years ago
Microsoft Authenticator is great as well. It also provides the option for backups, unlike Google Authenticator.
@Bayranav 3 years ago
Is OTP Auth the best app?
@sunknudsen 3 years ago
It is still my pick in the realm of standalone TOTP apps.
@Bayranav 3 years ago
@sunknudsen Great, thanks for your research.
@tairikuokami 4 years ago
Let's not forget, if your phone gets locked, destroyed or lost, you will also lose access to all of your 2FA accounts as well. Enjoy your nervous breakdown afterwards.
@thomasipad7719 3 years ago
Apple has the worst 2FA, it seems. As far as I know, you need to add either an email address or a telephone number. And not only are those bad ideas, but with that method they also allow resetting the password!!!! This is something that should never ever be possible, IMHO.