The first lets you back up your data to any folder on your device or to any storage provider (e.g. Nextcloud and other cloud storage providers) linked to your device. Turn this on at Settings > Backups > Automatically back up the vault. The storage provider's app needs to be installed. Changes are saved to the backup location automatically.
The second uses the OS's built-in backup feature. For Android devices with Google Play Services, the backup is saved on Google Drive. Some other Android distributions such as LineageOS use Seedvault, which can save the backup to any WebDAV provider or an external USB drive. This option is at Settings > Backups > Participate in Android's backup system.
Yubikeys store everything on the key. I can lose my phone and use your phone to see my 2FA codes. It's honestly one of the only ways MFA makes sense - otherwise you lock yourself out of your entire digital life when you lose your phone and need to rely on storing your backup codes (which opens up a storage security wormhole).
I keep a second key as backup for this reason, which honestly is overkill and I only do because I got a second one for free at a conference. Easier solution (which I also use in case I someday need the second one only to discover that the blue smoke leaked out) is to just print out the TOTP secrets and keep them somewhere. I'm usually printing out recovery codes when I get a new TOTP secret so this has never felt like a big deal.
Also easy enough to maintain a keepass[xc] vault for totp secrets, you could keep a separate one from your passwords if you were feeling paranoid. Great support on mobile and desktop for using a keepass db as a TOTP source - and easy to sync with dropbox/email/ssh/your web server/whatever
Everyone should read this risk mitigation solution for losing 2FA. I always think about printing recovery codes, but having a keepass vault with those codes also sounds great. You may even have some random password there and store it printed out in some locations just for emergency.
Anyways, people should think about these risks when dealing with 2FA: flood, fire, stolen, lost, (I) broke (Smartphone, yubikey, usb, etc), broke (itself), software bug, kids, washing machines, etc.
And also something we usually don’t consider: loss of memory, which can occur in combination with a traumatic event like your house burning. Then you can lose your smartphone, your Yubikey, your printed copy, and your memory all at the same time if everything is stored in one place. And this is exactly when you will need those the most. Not easy to defend against such a nightmarish scenario.
Sure. I have a backup key but yes, you can't get MFA without adding a device that you may lose; whether that's your phone or a key. Like I said I prefer a key because I can't put my phone on a chain around my neck or on my keychain.
Which model do you own and how does the loss manifest?
The single-tap and long-tap don't produce expected output? Can you share more info on it?
I own many Yubikeys (due to research I've been doing in 2017) and I had many Yubikeys to play with, for TOTP/HOTP/U2F purposes, even using it to unlock Windows and I haven't had a case of a Yubikey basically deprogram itself. I washed them in the washing machine, ran them over with my car, threw them in mud piles and they always worked without a fault so your case is a surprising one.
Judging by what you wrote, unless there's some weird NFC communication going on between your phone and Yubikey (are they in proximity?), I'd say it's faulty and you need a new one.
Classic USB. Plastic. (I don't know the exact model, I got it from work.)
After adding a site or a computer it works a few days and then suddenly when I try to use it with my phone or computer I just get an error about no <something>.
Not enough info to even guess what might be wrong, but I'd assume it's defective and I'd try with another key as well. I wish you good luck with the next Yubikey you get! :)
Btw. this is the first time I've read on a public forum that someone's Yubikey is defective, they are really well made and I didn't manage to break one via regular use and bad maintenance.
Aegis is fully offline and doesn't have an official desktop application. You could of course create an export of your Aegis vault and import it in a third-party desktop application, like GNOME's Authenticator or OTPClient.
I can’t believe this is a tech forum. The answer is simple. 2FA has a url. All you have to do is store the url in your password manager. Then you can import it into any new app at a moment’s notice (as long as you have access to the vault) and generate a 2fa code.
In fact, KeePassium on iOS works on this concept. I use it as my primary otp url storage app and then put limited stuff into aegis on my android tablet for anything I may need there. If a keepass based app with an otp generator (like KeePassium) existed for android, I wouldn’t even need that.
AEGIS has this killer feature, with the encrypted database, which I could sync to my local Nextcloud instance. Otherwise, losing the phone would always mean losing all your OTPs. Aegis is a direct (better) replacement for Google Authenticator.
Bitwarden can store and then copy/paste TOTPs. I'm not sure if it's the best security practice to have your password and TOTP key saved together like that. But I tend to use it for sites that I don't consider critical. I then use Google Authenticator for everything else. I might try Aegis next time I get a new phone though.
The answer you're looking for is Aegis vault backup + Syncthing or Nextcloud. Seriously.
I once lost my Authy app data and didn't have it installed on any other of my devices (silly requirement tbh). I don't know whether cloud or 2FA is the joke here but Authy slapped me with a 24hr wait time for a "device reset".
You can export the vault (encrypted or not) to a cloud provider (like Google Drive). It's a manual process, but it's simple and quick. Besides, how often do you add new 2FA tokens anyway?
If you enable automatic backups in the Aegis settings it will create a backup after every change. If you set the output directory to a location synced by Syncthing, there's nothing to remember.
It's not clear to me if Aegis allows this somehow?
The other day I broke my phone. I was traveling and needed to do some 2FA level changes to a GH repo asap.
I didn't even know there was an Authy desktop app until then. It saved my ass, literally.