Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

(Standalone) applications for verification codes (TOTP)

Aegis Authenticator (Android)

Raivo Authenticator (iOS)

2FAS Authenticator (Android)

Dashlane Authenticator (Android, iOS)

ESET Secure Authentication (Android, iOS)

FreeOTP Authenticator (Android, iOS)

Google Authenticator (Android, iOS)

Microsoft Authenticator (Android, iOS)

2fast – Two Factor Authenticator (Windows)

In case you decide to use a cloud synchronization feature of your authenticator, you must protect your cloud synchronization account with another form of MFA, like a security key.

If you synchronize your TOTP codes into an account protected only by a password (for example Google), an attacker which steals your password will also get access to your TOTP codes, and therefore all your MFA protected accounts (like in this breach).


Password managers

Some password managers include an authentication feature, so you can use them for the verification codes (TOTP). This is a list of such verified password managers:

KeepassXC (Windows, macOS, Linux)

Bitwarden (paid version only; Android, iOS, browser add-ons)

Apple Keychain (iOS, iPadOS, macOS)

Dashlane Password Manager (Android, iOS, browser add-ons)

Keepass2Android Password Safe (Android)

1password (Android, iOS, browser add-ons)

Proton Pass - Password Manager (Android, iOS, browser add-ons)

In order to keep your TOTP codes safe, you must protect your cloud-based password manager account with another form of MFA, like a security key.

If you synchronize your TOTP codes into an account protected only by a password, an attacker which steals your password will also get access to your TOTP codes, and therefore all your MFA protected accounts.

  • No labels