Aha. Sorry, I misunderstood. I saw the first line about Proton Pass already supporting MFA and I wasn’t familiar with Ente Auth. I did just look it up and I can’t believe I’ve never heard of it before. It’s even AGPL-3.0, be still my beating heart! Thank you for pointing it out!

https://ente.io/ for anyone curious.

Ehhhh but they already have this in Proton Pass?

E: found this in the FAQ

Proton Pass is a password manager designed to securely generate and store strong passwords, and protect your digital identity with features like email alises and dark web monitoring. It also includes an integrated authenticator that can store and autofill 2FA codes - but not the ones used to log in to your Proton account. Proton Authenticator is a standalone 2FA app that allows users to enable 2FA protection for their Proton account, it also allows users to store their 2FA codes separate from their passwords if they wish to do so.

If you already use Proton Pass, I think I'd recommend Ente Auth instead. That's what I use.

Thank you for your comment. I was also confused initially before reading properly. I thought, 'What? But isn't the Proton 2FA thing paid? What do they gain by making it free?' It seems that most people are not willing to use this new app, though. Ente, Aegis, whatever the alternative is, there doesn't seem to be a reason to use this new authenticator from Proton instead. I wonder what their goal is here. Is it simply to expand their app 'ecosystem'?

These are great points, but there is something more that phones have going for them.

All modern phones are full-disk encrypted by default, and can be remote wiped. I think this is only the case for Mac laptops, but not for Linux and Windows.

So if your phone is stolen, it's not really a risk of the thief having your password manager and your 2FA at the same time, but rather can they get in to your phone and then password manager and 2FA before you can trigger the remote wipe.

Unless the attacker is sophisticated enough to mirror the whole disk and attack it offline.

It’s legit. The negative comments are because the CEO supports US Republican politicians which is a red flag, but there haven’t been any operational reasons to not trust them that I’m aware of.

Why? What’s wrong with Authy? I use it, Proton and Bitwarden. I could consolidate everything into Proton, but I’m concerned about having everything with one vendor.

It’s legit. The negative comments are because the CEO supports US Republican politicians which is a red flag, but there haven’t been any operational reasons to not trust them that I’m aware of.

Just like Tesla. Its AOKAY to jump into a new company even if the CEO is a crazy racist.

I've been meaning to get rid of Google Authenticator. Think I'm gunna go do that today.

Yeah, I also was disappointed that proton wallet was for crypto and not credit cards. Unless someone can recommend an alternative to Google wallet, preferably from F-Droid

BitWarden is F(antastic)OSS.

Consider Aegis if you want an offline and secure alternative.

Aren't all 2FA apps offline compatible?

Should be, but not all of them allow you to opt-out of cloud sync.

Proton does this as well, you can use it completely offline without an account

Doesn't support republican politicians. Congratulated the anti-big-tech appointment by a republican politician (Trump).

2fa only for paying customers, no?
I mean, I pay because it's dirt cheap for tge convenience they offer but still no free 2fa

BitWarden is F(antastic)OSS.

since bitwarden is selfhostable there are public instances like there are lemmy instances and they have free bitwarden premium features the ones i know of is tchncs.de and adminforge.de

Should be, but not all of them allow you to opt-out of cloud sync.