Authenticators for 2FA: any recommendations?

[Avion]

Quote:

Originally Posted by TenFour

A phone app is better for that problem since I would always be carrying it, but a phone is also more likely to be lost, stolen, or broken since it is used constantly. Just one drop in the wrong way and your phone can be out of commission.

If in that situation, one gets another phone - provided of course that one makes provision for the necessary 'stuff' (phone app, import file, etc) to be available. If you lose a Yubikey, you better make sure you have easy access to a backup key.

I've looked at Yubikeys previously, but the cost and the thought of losing it has put me off. I'm satisfied that a phone app is sufficient for my current needs.

[beeboy]

Proton has released their new authenticator app. I've been using 2FAS for android for years.

[Tsunami]

Is it correct that any service that offers 2FA can be used with any authenticator that follows the protocol (for example TOTP), even if the service does only list 1 or 2 authenticators they allow on their website?


Of all services I use, only 1 does not mention that they accept Yubikey.

I could of course use another authenticator for that one service, but it'd be nice if I could use my Yubikey for all services. But apparently if a service for example accepts Google Authenticator, then it should be possible to also set up 2FA for that service with Yubikey?

[Avion]

Quote:

Originally Posted by Tsunami

Is it correct that any service that offers 2FA can be used with any authenticator that follows the protocol (for example TOTP), even if the service does only list 1 or 2 authenticators they allow on their website?

Are these services saying they only allow certain authenticators, or are they just using them as examples of authenticators?

I don't know how they would be able to tell which TOTP authenticator was used anyway.

Here's a link to a website that lists providers that have hardware authentication, I cannot vouch for the accuracy of the list:

https://2fa.directory/us?q=u2f

[Tsunami]

Quote:

Originally Posted by Avion

Are these services saying they only allow certain authenticators, or are they just using them as examples of authenticators?

I don't know how they would be able to tell which TOTP authenticator was used anyway.

Here's a link to a website that lists providers that have hardware authentication, I cannot vouch for the accuracy of the list:

https://2fa.directory/us?q=u2f

The list is decent, but some services of which I know they accept Yubikey are missing in the list.
On the other hand, I did learn about some services that do accept physical keys for 2FA of which I didn't know that before.



As for that one service I use that doesn't seem to accept Yubikey: I'm not sure if they don't allow it, or if they just don't encourage it. Because indeed, how could they know what type of authenticator you use, as long as it manages to provide one-time passwords?

The service gives instructions on how to set up 2FA with some other authenticators, it doesn't mention anything like Yubikey or other physical keys. But then it also doesn't list instructions for setting up 2FA with for example Aegis or OpenOTP either. Does that mean they only allow those very few authenticators they list in their FAQ about 2FA? Hard to tell, but I indeed wonder how they could ever know what authenticator you use, as long as it does generate the needed one-time passwords.