[etchasketch]

Coincidentally, I switched over to raivo just several weeks ago. There is a way to extract all of your 2fa keys using a deprecated chrome extension, which is what I did. It's quite easy, it spits out everything in a PDF web page with QR codes - I printed the whole page as a backup, then used my phone to add my 20+ accounts in about 5 minutes with the QR code. I have used authy for over 6 or 7 years, but for some reason I was getting uncomfortable with having it tied to my phone number.

There is an ipad app, which I installed on my M2 macbook air, so I can access it on my laptop as well. I also downloaded a version onto my old iphone 6 I keep in a drawer under my bed, just as a backup in case something gets stolen. And I have an ipad mini that I use on a daily nightly basis for reading and browsing. In addition to a ~5 year old windows desktop and a windows laptop form ~2015.

I've been resistant to using apps that only exist in the apple ecosystem, because I generally have only used windows laptops and android phones. But now I use an iphone, I have an m2 macbook air, and quite honestly the quality just blows everything on the windows / android side out of the water. I finally just admitted to myself that there is probably never going to be a scenario where if my phone breaks, I would go out and buy an android phone. It won't happen. The sheer connivence of just getting a new replacement phone, logging in, and having all your settings and files and (2FA codes! - encrypted in icloud!) automatically download is understated.

The price of an old iphone 6 or 6s is ~25-40 dollars on ebay. The price of a yubikey is 50 or 60 bucks.

[latchkey]

I strongly considered raivo, but there is one thing standing in the way...

There is no way to recover your backup easily...

https://raivo-otp.com/faq/#how-do-i-restore-from-a-zip-archi...

... and it is a 2 year old issue...

https://github.com/raivo-otp/ios-application/issues/22

[etchasketch]

I actually noticed this, but I consider this a feature, not a bug. In raivo, you are able to export an encrypted zip file, which I did and saved to a flash drive and put it next to my old iphone 6 in a drawer under my bed. It's reassuring in a sense, that if someone does obtain access to that encrypted backup file, they wouldn't be able to do some fuckery and automatically "recover" the backup on a phone that is not mine.

I will say that what surprised me about the exported backup encrypted zip file - it did not work the way I expected. I thought it was going to be some .txt file with a bunch of numbers and things I would have to input into a new 2fa app manually - but no, it's legitimately a a very nice html document that has every 2fa account laid out neatly with a QR code, section by section. When transferring these codes to my old iphone 6 (before I turned on icloud sync), I just held my phone up to my laptop screen and moved it inch by inch every 1 second (tapping accept in between) to scan and add 20+ codes with the camera. It took me 5 minutes to add them initially as I doubled checked the veracity of the 2fa codes generated... but truthfully you could probably add 20+ accounts in under a minute. If not quicker.

I don't consider the lack of an automated way to import the manual backups a bad thing. The encrypted icloud sync works remarkably well. The exported zip backup would, in in the worse case scenario, be where I lost my iphone 12, I lost my macbook air, someone stole my ipad mini, and in the same day, someone broke into my house, went under my bed, and additionally stole the beat up looking iphone 6 in the back of the drawer. But again, since the codes are backed up encrypted in iCloud, just because my devices are stolen doesn't mean I lost access to them. I could also drive 30 minutes downtown, walk into an apple store, buy an iphone on the spot, download raivo from the app store and have it automatically sync my codes from iCloud, and have access to my 2fa codes, all within an hour. Or I could go to craigslist and find someone selling an old ipad, iphone, or whatever and buy it off them for 50 bucks and have access to my codes. My wife also has an old iphone 7 that is laying unused on the bookshelf in our living room, which I could also just log in and access my codes as well.

Basically, what I'm saying, is that as long as an encrypted copy of my 2fa codes exist in icloud, I can log into any idevice and have access to my 2fa codes. The chance of me having to manually use my encrypted .zip backup is virtually nil. The only scenario I can envision is if someone stole every device I own, burned my house down, sim swapped my phone and stole my cell phone number, burned down the local google data center (likely centers) where my iCloud user data is stored on Google Cloud, and also bought every iphone, ipad, macbook, and apple device in a 100 mile radius, including used models, and including breaking into and robbing every apple store in the vicinity so I couldn't procure a new idevice. That is legitimately the only scenario I can foresee in where I would lose access to my 2fa codes.

Apple devices are ubiquitous in the US. I still have a windows laptop and desktop that I had considered as my "main" computers for the longest time. I had a real come to jesus moment several months ago when I realized my way of thinking was a bit outdated. I had thought that in order to reduce the attack surface, I would need to manually backup all my codes, print them out, make several copies so I wouldn't lose one of them, and use my 2fa codes only on one device. But truthfully - there is another way of ensuring ubiquitous access to my 2fa codes, and it didn't involve much more effort on my part.

[latchkey]

I want to switch devices, install the app, put in my password and have all my codes sync'd into the app directly. I don't want to bother with scanning 50+ accounts (I use 2fa for everything), by hand in the name of pseudo security. After 2+ years, that feature should be fixed.

[etchasketch]

But that is what happens, when you use the icloud backup. You log in, you you create a new passcode, and the app automatically looks in your icloud folder for a backup, then restores it automatically. There is no account creation involved in the process. What you are asking for already exists.

What you are asking for is the manual backup you create to automatically restore.

[latchkey]

Oh interesting! That wasn't clear to me... thanks for the help!

[hkc]

+1 for Raivo.

App Store Link: https://apps.apple.com/us/app/raivo-otp/id1459042137

On Android I would recommend Aegis.

Playstore: https://play.google.com/store/apps/details?id=com.beemdevelo...

F-Droid: https://f-droid.org/en/packages/com.beemdevelopment.aegis/

[crossroadsguy]

Raivo is not letting me proceed without setting a master password.

I tried an 8 digit long key. 9 char long string. 9 char + 3 spaces. 9 char + 3 hyphens.

It just keeps rejecting them saying weak passwords without telling me what does it need.

I finally set a long randomly generated password and it was accepted. I like to remember passwords of my password manager and TOTP tool. It I knew the requirement I would have set something longer but memorable.

Isn’t there s desktop tool at all?

[hkc]

XKPasswd is the best tool to generate a strong memorable password imo.

https://xkpasswd.net/s/

[fmajid]

Thanks for the recommendation. I use Lockdown (the TOTP app, not the firewall) and even wrote an exporter for it, but it’s essentially unsupported now.

https://brooksreview.net/2015/05/lockdown/

https://blog.majid.info/lockdown-export/