As another poster stated, most people will have 2FA on their phone. If someone gains access to my phone unlock, they still need to get past the biometric. For apps, there are quite a number. For example, in order to access my 2FA in Aegis, I must log in with biometrics. Ideally, it should have some sort of authentication to see the token. A lot of products will not let you get the token out, making it impossible for you to leave if you no longer like the product. Ideally, it should have a way of exporting the tokens. It must have a way of backing up, otherwise if you lose your 2FA device, you will lose the ability to log into your accounts. Storing 2FA in plain text on your device is bad. In either case, there must be a way to encrypt the storage. It's 2FA if the method of authentication is different than the main. Unlike another poster, I disagree that it must not be cloud based.
For TOTP, I would recommend looking for an app that has the following: The main idea is to have a second method different than your main one; it impedes the attacker since they must know both your main login and your second factor. Based on your post, you are looking for TOTP, a 2FA method that uses a secret and a timestamp to generate a code. This 2nd factor can take the form of an SMS message, an app, a hardware key, even your phone. The idea for 2FA is to add another barrier to your account, a second factor so to speak. Let me start with what I think 2FA is for.