Authenticator recommendations -

[Weeb Slinger]

I want to compete with Russell Greer by publishing on Kindle, but can't get past the two-stage authentication process as I do not own a mobile phone, or any kind of mobile device.

Apparently I need to download an authenticator app for my tower PC.

I assume, as with all technology, this area is rife with bastardry and pitfalls.

Can anyone recommend an authenticator that isn't going to fuck me over, or terminally lock me out of my account on a whim?

 

[Kosher Dill]

Yubico has authenticator apps for both desktop and mobile. I have one of their hardware keys and it works fine.
You'll need a computer that has a USB port though.

Yubico Authenticator App for Desktop and Mobile | Yubico

The Yubico Authenticator App works seamlessly across all major desktop and mobile platforms, with full support for Windows, Mac, Linux, Android and iOS.

www.yubico.com

 

[lemmiwinks]

I use KeepassXC on PC/Mac. It is open-source and has authentication built-in. Best practice is to use two separate encrypted databases, one for passwords, and a separate one for TOTP authentication.

 

[Gone Ham]

as I do not own a mobile phone, or any kind of mobile device.

Nigga what. It’s 2021.

 

[0x0000C1A]

Nigga what. It’s 2021.

Check your mailbox, you have received a package from someone named "Ted".

 

[Akashic Retard]

What kind of freak doesn't have a cell phone

 

[Knight of the Rope]

I want to compete with Russell Greer by publishing on Kindle, but can't get past the two-stage authentication process as I do not own a mobile phone, or any kind of mobile device.

This sentence is actually making me go cross-eyed trying to figure out how it makes sense. The only people I've ever met that eschewed cell phones and mobile devices (and were thus permanently "between jobs" as a result, because no employer wants an uncontactable employee) were also doing it as a privacy thing. They didn't want to be carrying around a slab of plastic that alerted the government to their location and thoughts. A noble aim, if futile.

But those people wouldn't be caught dead using Kindle, so I have no clue how you are possible.

 

[shameful existence]

Styx should get verified.

 

[3119967d0c]

But those people wouldn't be caught dead using Kindle, so I have no clue how you are possible.

You can easily supply sufficient power to run a Kindle from a hut in the woods by pedaling on a stationary bi-cycle.

 

[Flabba_Wabba_Jabba_Noonga]

Nigga what. It’s 2021.

Some people prefer not having their entire geographical travel history, speech patterns, text patterns and other metadata used for corporate gain.

 

[Gone Ham]

Some people prefer not having their entire geographical travel history, speech patterns, text patterns and other metadata used for corporate gain.

Ok Dale Gribble

 

[Flabba_Wabba_Jabba_Noonga]

Ok Dale Gribble

Holy fuck if you actually believe that my statement isn't occurring then please continue to not value the one thing that makes you a free man and not a slave.

 

[Friendly Mudcrab]

Authy is another one that has a desktop app, didn't give me problems the last few years.

 

[Gone Ham]

Holy fuck if you actually believe that my statement isn't occurring then please continue to not value the one thing that makes you a free man and not a slave.

No, i realize the corporations are doing it, but holy shit, just get a fucking flip phone instead of a fucking smartphone

 

[Slav Power]

I use KeepassXC on PC/Mac. It is open-source and has authentication built-in. Best practice is to use two separate encrypted databases, one for passwords, and a separate one for TOTP authentication.

I use KeePass2 on my PC with the KeePassOTP plugin and KeePassDX and andOTP on my phone, but to be fair at this point having andOTP is redundant.

 

[lemmiwinks]

I use KeePass2 on my PC with the KeePassOTP plugin and KeePassDX and andOTP on my phone, but to be fair at this point having andOTP is redundant.

Yeah I use a fairly similar setup. AndOTP on my phone, but I use Keepass2Android rather than KeepassDX. I use gdrive to sync and backup my database.
That's been pretty much rock solid setup now for at least 2 years. I've never lost any data with syncing multiple (4 or 5) keepass instances.

 

[Slav Power]

Yeah I use a fairly similar setup. AndOTP on my phone, but I use Keepass2Android rather than KeepassDX. I use gdrive to sync and backup my database.
That's been pretty much rock solid setup now for at least 2 years. I've never lost any data with syncing multiple (4 or 5) keepass instances.

I used to use Keepass2Android, but found KeePassDX's keyboard to be much more superior. Today I've changed my syncing method from using Dropbox to using Syncthing, though I should probably set up some kind of cloud backup too and not rely on local syncing.

 

[Coffee Shits]

Two-factor is only necessary for boomers who think changing "Password" to "Password1" keeps them secure. Disable it if you can, and insult the company's founders when they inevitably pop up a friendly mandatory feedback box demanding why you don't want to be secure, friend, we're just trying to help you (looking at you, Stripe).

If you can't turn it off, link it to a hardware token, never a cell phone or computer; something without the ability to track you independently of your use of the service.

 

[somecryptoneet]

Yubikey or another hardware key is the most sensible solution as mentioned above. If you don't want a separate hardware device, Authy works, I'd recommend writing down your private key or printing the QR code in case your drive fails.

 

[lemmiwinks]

Yubikey or another hardware key is the most sensible solution as mentioned above. If you don't want a separate hardware device, Authy works, I'd recommend writing down your private key or printing the QR code in case your drive fails.

I have used a variety of hardware solutions over the years, beginning with the earlier FidoU2F dongles. This is my favorite:



OnlyKey integrates with other tools such as Yubico's software environment (you can even just clone your Yubikey to it) or Trezor. It's open source and works as a USB keyboard. So you can keep your private keys on it with a password and not have to rely on strange keyboards. It is a really useful device if you need this kind of thing.

I haven't yet used any of the bluetooth or NFC enabled keys, so I can't compare those. But I would definitely recommend OnlyKey if you need a robust crypto token (with extras). I don't use mine for much now because my lifestyle doesn't really require such a robust tool, but it might be helpful to someone else reading the thread.

Edit: I should maybe add that it has a self-destruct function and a stealth function for people who need it (where it would be legal). It has two possible firmwares, one that includes the functionality, and one that does not. You can load either software on the key. If you live somewhere you can't purchase the evasive firmware version you can always later flash it with either version.