this post was submitted on 31 Jul 2025
272 points (95.0% liked)

[–] homesweethomeMrL@lemmy.world 0 points 6 days ago

Wow an OTP app.

Maybe a QR creation app is next?

[–] the_swagmaster@lemmy.zip 102 points 1 week ago (6 children)

Fantastic, wish they prioritised stuff like this instead of AI but at least it's here now. Now please make a dedicated contacts app so I can stop using Google contacts too!

[–] commander@lemmy.world 43 points 1 week ago (2 children)

Been using Aegis on Android and managing my own backups, but maybe I'll switch or use it for things I care less about, just for simplicity.

[–] blinfabian@feddit.nl 22 points 1 week ago

yes Aegis is awesome

[–] tias@discuss.tchncs.de 11 points 1 week ago (1 children)

Did anyone catch what the Proton app adds over all the already existing apps?

[–] MangoPenguin@lemmy.blahaj.zone 16 points 1 week ago (1 children)

Looks like it has encrypted sync and desktop apps too, so that's nice if you need stuff on multiple devices.

[–] commander@lemmy.world 15 points 1 week ago* (last edited 1 week ago)

The sync is the main thing for me. I already back up my Aegis library and upload that to Proton Drive. Difference in security for me is pretty much zero between Aegis and a Proton authenticator app.

[–] cookie019@lemmy.dbzer0.com 21 points 1 week ago (1 children)

Why is it not available as an APK or AAB or on F-Droid?

Promoting play store?

[–] underline960@sh.itjust.works 44 points 1 week ago (1 children)

What's more, they talk up how it's open source and then don't link to the repo.

Here it is, BTW:

https://github.com/protonpass/android-authenticator

[–] artyom@piefed.social 21 points 1 week ago* (last edited 1 week ago) (3 children)

Ehhhh but they already have this in Proton Pass?

E: found this in the FAQ

> Proton Pass is a password manager designed to securely generate and store strong passwords, and protect your digital identity with features like email aliases and dark web monitoring. It also includes an integrated authenticator that can store and autofill 2FA codes - but not the ones used to log in to your Proton account. Proton Authenticator is a standalone 2FA app that allows users to enable 2FA protection for their Proton account, it also allows users to store their 2FA codes separate from their passwords if they wish to do so.

If you already use Proton Pass, I think I'd recommend Ente Auth instead. That's what I use.

[–] AncientConnection@lemmy.ml 2 points 6 days ago (1 children)

Thank you for your comment. I was also confused initially before reading properly. I thought, 'What? But isn't the Proton 2FA thing paid? What do they gain by making it free?' It seems that most people are not willing to use this new app, though. Ente, Aegis, whatever the alternative is, there doesn't seem to be a reason to use this new authenticator from Proton instead. I wonder what their goal is here. Is it simply to expand their app 'ecosystem'?

[–] artyom@piefed.social 1 points 6 days ago

There are ads in the app for Proton Pass, so that's my best guess.

[–] BlameTheAntifa@lemmy.world 18 points 1 week ago (1 children)

You really should not keep your MFA codes in the same place as your passwords, especially if you are syncing those passwords between devices and/or a cloud service.

[–] artyom@piefed.social 13 points 1 week ago (3 children)

Yes that's why I said:

> If you already use Proton Pass, I think I'd recommend Ente Auth instead

[–] pulsewidth@lemmy.world 0 points 1 week ago (1 children)

It is very wise to store your 2FA codes separately from your general login credentials. If one is breached, the other protects it (hence, two factor). If both are breached, your account is hosed.

Same deal when setting up 2FA on an account and they provide some 'one time use' 2FA codes, they generally say 'do not store these with your standard password credentials - keep them secure and separate'.

[–] artyom@piefed.social 9 points 1 week ago (3 children)

Correct. However it's worth noting that passwords are almost always compromised server-side. So 2FA is far more a mitigation of data breaches from the provider, rather than your password manager being breached.

[–] IllNess@infosec.pub 10 points 1 week ago (4 children)

Hmm... I'm not sure about having an authenticator app on a desktop computer.

Like you are putting all your eggs in one basket. Password managers, and your emails already go to one place for authentication. Adding an authenticator means if your computer is compromised, a person can have access to more accounts.

I always figured this is why desktop authenticator apps aren't a thing.

[–] Pika@sh.itjust.works 18 points 1 week ago* (last edited 1 week ago) (2 children)

The alternative for people who want a convenience factor is putting it all in the same location. For example, the only thing Authy for desktop closing did for me was make it so I no longer had an isolated app for both 2FA and passwords, because now it's just all in my password manager.

I don't always have my phone on me 24x7, so the inability to access things on my desktop is a massive nope for me.

The way I looked at it, it's no different than having a mobile device with a password manager on it, because if someone steals your mobile device, they have access to everything as well. So the two-factor authentication apps shouldn't be on desktop argument never made sense to me, mobile is the same way.

This application might make me go back into having the two isolated systems, because it removes the massive inconvenience factor

[–] RoadTrain@lemdro.id 7 points 1 week ago (2 children)

> So the two-factor authentication apps shouldn't be on desktop argument never made sense to me, mobile is the same way.

I think that argument was rooted in the assumption that the phone was a separate and smaller attack surface. The assumption is reasonable if you use your credentials mostly on desktop and only have a few apps on your phone, which was indeed the case for a lot of people in the past.

But nowadays, a lot of people use the same credentials on the phone just as well, and with everything asking to install their app, I'm not sure the attack surface really is smaller anymore. So, if you're in this scenario, I agree with you that you may not be sacrificing much by having 2FA on desktop.

And, of course, 2FA, even in the same password manager, is still better than none. Your first factor can be stolen in more ways than just compromising your machine, for example through data breaches.

[–] Pika@sh.itjust.works 2 points 1 week ago

That makes sense. I hadn't really looked at it from the angle of most apps are going on devices anyway. Mine was just because of the fact that it's super annoying having to have my phone on me at all times for two-factor authentication. Especially considering that most 2FA apps require you to sign in in order to use them anyway.

Also, yeah, that was my ideology when I threw them into my password manager: that if they can manage to breach a device, find my private key that's used to lock the database and figure out the password for the database, something far worse has gone wrong and losing my passwords is the least of my issues.

[–] IllNess@infosec.pub 2 points 1 week ago

> But nowadays, a lot of people use the same credentials on the phone just as well, and with everything asking to install their app, I’m not sure the attack surface really is smaller anymore. So, if you’re in this scenario, I agree with you that you may not be sacrificing much by having 2FA on desktop.

This makes sense and puts holes in my statement. I also feel like more people are willing to install shady stuff on their phones than their desktop now. I have no sources for this though.

[–] IllNess@infosec.pub 3 points 1 week ago (2 children)

> The way I looked at it, it’s no different than having a mobile device with a password manager on it, because if someone steals your mobile device, they have access to everything as well. So the two-factor authentication apps shouldn’t be on desktop argument never made sense to me, mobile is the same way.

That is true. And more phones are stolen now than computers. Computers can have the same security and encryption if properly configured.

Even though you make a logical point, something in my gut doesn't feel right.

[–] MangoPenguin@lemmy.blahaj.zone 7 points 1 week ago* (last edited 1 week ago)

Well hopefully the 2FA data is encrypted and the app requires a pin or password to access.

Plus my password manager also needs a pin after it times out, and my computers all have their drives encrypted too.

It's plenty to stop casual thieves and such.

[–] pulsewidth@lemmy.world 5 points 1 week ago (4 children)

Absolutely. 2FA codes (and 2FA 'single use codes' / recovery codes) should not be stored in the same system that manages your usernames and passwords - it defeats the purpose of 2FA.

But most people will just breeze past advice and do whatever is most convenient.

[–] just_another_person@lemmy.world 6 points 1 week ago (1 children)

I guess it's kinda nice. They already had this in Proton Pass, but I guess not all accounts have access to that as a bundle maybe?

[–] Ulrich@feddit.org 2 points 1 week ago

> Proton Pass is a password manager designed to securely generate and store strong passwords, and protect your digital identity with features like email aliases and dark web monitoring. It also includes an integrated authenticator that can store and autofill 2FA codes - but not the ones used to log in to your Proton account. Proton Authenticator is a standalone 2FA app that allows users to enable 2FA protection for their Proton account, it also allows users to store their 2FA codes separate from their passwords if they wish to do so.

Seems like basically an ad platform/gateway to Pass.

[–] Eyekaytee@aussie.zone 6 points 1 week ago (1 children)
[–] Psiczar@aussie.zone 1 points 6 days ago (3 children)

Why? What’s wrong with Authy? I use it, Proton and Bitwarden. I could consolidate everything into Proton, but I’m concerned about having everything with one vendor.

[–] Bluebaloon@leminal.space 4 points 1 week ago

That’s amazing

[–] Modest_Toxic@feddit.uk 3 points 1 week ago

Netflix doesn’t have 2FA

[–] akilou@sh.itjust.works 3 points 1 week ago

I currently have all of my 2FA codes in Pass except for my Proton account itself, which I have in Aegis, backing up to my home server.

It looks like you can easily export from Aegis to Proton Authenticator and you can use PA without a Proton account, which I think I might do. I don't want to use my PA app with my Proton account to hold my Proton account 2FA code. I'll end up locked out of the house with the keys inside.
