2a. No 2fa, so this is a reduction in my current security
That’s open to interpretation. Your current solution you thought was secure, but you used a service that as it turned out had bad security practices, which you just didn’t know (arguably couldn’t know). ANY online/cloud service that you don’t host yourself has this issue with being a black box of unkown quality. Any online service you do host has to be secured by you (or you need to trust that the base setup of that tool is “sufficiently secure”), and is in essence limited by your knowledge of the tool and technology used. Also if you’re reusing any passwords, anywhere, just stopping that practice is likely more secure in practice compared to 2fa in isolation.
2fa in general isn’t just plaing “better” than not having it, security is rarely this black and white. It also depends on what is allowed to be the “second factor”, and since yours included SMS, it really wasn’t secure at all (like others have also mentioned in this thread). And it depends on the password of course. For example if you use a really secure password (30+ characters), and don’t reuse it, it will in practice be more secure than a short(ish) password and a 2nd factor that allows SMS. Generally 2 factor is used as a term for 2 categorically different athentication methods: one thing you know (password, pin) and one thing you own (phone, physical device/key, or a file works too). The problem is that SMS doesn’t require your phone. It’s incredibly easy to get the SMS without having your phone (even easier with physical proximity) or flat out faking owning your phone number (dpends on a lot of factors how easy or hard that is in practice, doesn’t require physical proximity). Basically, if someone actively targets you and/or that account secured by SMS 2fa, it isn’t overly hard, but it’s good enough at preventing giving access through a data leak for example.
So, back to the security of “solution 2a”: how would someone get access to a long password you don’t use anywhere else, that isn’t written down anywhere (or nowhere accessible), and where you essentially never need to use/access the account in the first place? Nobody would even know that whole account exists unless you specifically tell them, let alone knowing how to get in. Note that this can also be combined with the concept in solution 4, so you’re then using it to only restore a single 2fa code. So that “safety net fallback account” very rarely needs to be updated with a newer Aegis-Backup, making it even more obscure/unknown. That 2fa code then lets you access your normal account and backups, and you restore the full suite of 2fa you need.
It boils down to this: local 2fa with a backup means you need to get access to a single file to securely restore full access to everything. That file can be transmitted insecurely (due to strong cryptography and hopefully a good password not used anywhere else), but I wouldn’t store it out in the open either.
On the other hand, any cloud based solution is an inherent black box. You trust them to properly do things, and you only know they didn’t once it’s too late (like Authy). It also means they are, by nature of what they do (storing account access information), a target and if the attacker is successful, you’re the collateral without having been explicitly targeted. Maybe there are sevices out there that let third parties audit their security and publish the results, but I don’t know of any and it would probably increase the price by an prohibitive amount for most people.
Okay I see what you’re saying but it’s still a downgrade from what I thought my security was, the fact authy broke that trust doesn’t mean I want to compromise what I was expecting to the level they ended up providing me
Sure, I guess the thing I’ve not made clear enough is that I accept the compromise of security by having an SMS backup in this scenario for the convenience it provides in restoration. Someone could compromise my SMS but they’d still need my password, and in Authy’s case, they would also then need to be able to sufficiently convince Twilio that I’m me before they allow access again. I understand that the last step is obviously not possible with a non-commercial solution.
Tbh you’ve kinda come up with the solution for me though, if I keep the database in it’s own cloud storage separate from everything else I could set up SMS 2FA and a unique memorable password to get a similar experience to what I have now, albeit without the extra verification when SMS is used.
Since you’ve been helpful already, one last question if you don’t mind: do you have good recommendations for iOS, Mac & Windows clients for aegis? The official repo seems to just be an android app, and I make use of authy across all 4 platforms currently
Well to be frank, the fact that you’re asking this shows you haven’t really understood what makes something secure or insecure, or it isn’t as important to you as you claim. If you want your stuff to be secure, your phone is the only “thing” that generates the 2nd factor. Especially things that are critical shouldn’t have duplicate devices being able to also generate codes. If you do want to generate codes for less critical accounts somewhere else, you should register a 2nd TOTP generator with that service and use one each per other machine. That way, if something gets compromised, you can just revoke those devices preventing any damage without having to re-setup existing 2fa again for the devices that weren’t compromised.
Now aegis is Android only, like you said. It also has no way of syncing with another instance (by design). It’s local only, it can just do backups. Having it send the highly critical information anywhere kind of defeats the security-purpose of it being local only. It adds a whole communications protocol that has to be secured, and somehow you have to authenticate the other side and so on. This also probably doubles the complexity (or at least size of the codebase) for the project, which then makes audits harder et cetera. Aegis currently does one thing (generate TOTP codes), and does this very well and as secure as it can without compromises.
Now for an actual answer: Most password-managers can also generate TOTP codes, like KeePass or KeePassXC to name two open source ones. But it’s their secondary purpose, with the primary obviously being storing the passwords. I’m not going to get into the implications of storing a TOTP code generator secret together with the password of the account it protects, let’s just say there are some. Since the actual secrets are stored in a (secured) database, you can sync these between devices. Or you can just create multiple TOTP generators for a single service and keep them separate.
Or we circle back to something server based, like BitWarden, which is primarily a password manager but also does TOTP. It’s a commercial, server based solution that is free for individuals. I’m not sure what the current limitations are for those accounts, like number of entries or just who you can share stuff with and so on. There is a open source implementation of their protocol called VaultWarden, where you can self-host the back end and not rely on the company securing their servers properly (and/or not being collateral damage in a breach of some kind). Again, combining password + TOTP-storage in the same service that is accessible online should be done with considerable thought to how it’s secured, but you could use this to only store the 2fa aspect as well.
Well yes, the most secure way would be a single source of OTPs, however I’m happy to compromise that slightly for convenience. Having 3-4 devices with access to the OTP database isn’t a huge increase in my attack surface. An attacker would still need to steal one of my devices, rather than one specific device. Those devices would also naturally be protected by additional factors.
I understand I would have to handle the syncing of the database for aegis, I was more curious if you knew of other clients that could use the same database format on other platforms.
I’m very aware it’s a bad idea to keep your OTPs in the same database as your passwords (and in fact already make use of keepass). I would probably not even sync the databases using the same mechanism
Bitwarden/vaultwarden does seem to be the front running option if there aren’t suitable clients for reading an Aegis database on other platforms, and I’ll just ignore the password manager aspects of it even if that means it’s a heavier solution than I’d have preferred.
That’s open to interpretation. Your current solution you thought was secure, but you used a service that as it turned out had bad security practices, which you just didn’t know (arguably couldn’t know). ANY online/cloud service that you don’t host yourself has this issue with being a black box of unkown quality. Any online service you do host has to be secured by you (or you need to trust that the base setup of that tool is “sufficiently secure”), and is in essence limited by your knowledge of the tool and technology used. Also if you’re reusing any passwords, anywhere, just stopping that practice is likely more secure in practice compared to 2fa in isolation.
2fa in general isn’t just plaing “better” than not having it, security is rarely this black and white. It also depends on what is allowed to be the “second factor”, and since yours included SMS, it really wasn’t secure at all (like others have also mentioned in this thread). And it depends on the password of course. For example if you use a really secure password (30+ characters), and don’t reuse it, it will in practice be more secure than a short(ish) password and a 2nd factor that allows SMS. Generally 2 factor is used as a term for 2 categorically different athentication methods: one thing you know (password, pin) and one thing you own (phone, physical device/key, or a file works too). The problem is that SMS doesn’t require your phone. It’s incredibly easy to get the SMS without having your phone (even easier with physical proximity) or flat out faking owning your phone number (dpends on a lot of factors how easy or hard that is in practice, doesn’t require physical proximity). Basically, if someone actively targets you and/or that account secured by SMS 2fa, it isn’t overly hard, but it’s good enough at preventing giving access through a data leak for example.
So, back to the security of “solution 2a”: how would someone get access to a long password you don’t use anywhere else, that isn’t written down anywhere (or nowhere accessible), and where you essentially never need to use/access the account in the first place? Nobody would even know that whole account exists unless you specifically tell them, let alone knowing how to get in. Note that this can also be combined with the concept in solution 4, so you’re then using it to only restore a single 2fa code. So that “safety net fallback account” very rarely needs to be updated with a newer Aegis-Backup, making it even more obscure/unknown. That 2fa code then lets you access your normal account and backups, and you restore the full suite of 2fa you need.
It boils down to this: local 2fa with a backup means you need to get access to a single file to securely restore full access to everything. That file can be transmitted insecurely (due to strong cryptography and hopefully a good password not used anywhere else), but I wouldn’t store it out in the open either. On the other hand, any cloud based solution is an inherent black box. You trust them to properly do things, and you only know they didn’t once it’s too late (like Authy). It also means they are, by nature of what they do (storing account access information), a target and if the attacker is successful, you’re the collateral without having been explicitly targeted. Maybe there are sevices out there that let third parties audit their security and publish the results, but I don’t know of any and it would probably increase the price by an prohibitive amount for most people.
Okay I see what you’re saying but it’s still a downgrade from what I thought my security was, the fact authy broke that trust doesn’t mean I want to compromise what I was expecting to the level they ended up providing me
Sure, I guess the thing I’ve not made clear enough is that I accept the compromise of security by having an SMS backup in this scenario for the convenience it provides in restoration. Someone could compromise my SMS but they’d still need my password, and in Authy’s case, they would also then need to be able to sufficiently convince Twilio that I’m me before they allow access again. I understand that the last step is obviously not possible with a non-commercial solution.
Tbh you’ve kinda come up with the solution for me though, if I keep the database in it’s own cloud storage separate from everything else I could set up SMS 2FA and a unique memorable password to get a similar experience to what I have now, albeit without the extra verification when SMS is used.
Since you’ve been helpful already, one last question if you don’t mind: do you have good recommendations for iOS, Mac & Windows clients for aegis? The official repo seems to just be an android app, and I make use of authy across all 4 platforms currently
Well to be frank, the fact that you’re asking this shows you haven’t really understood what makes something secure or insecure, or it isn’t as important to you as you claim. If you want your stuff to be secure, your phone is the only “thing” that generates the 2nd factor. Especially things that are critical shouldn’t have duplicate devices being able to also generate codes. If you do want to generate codes for less critical accounts somewhere else, you should register a 2nd TOTP generator with that service and use one each per other machine. That way, if something gets compromised, you can just revoke those devices preventing any damage without having to re-setup existing 2fa again for the devices that weren’t compromised.
Now aegis is Android only, like you said. It also has no way of syncing with another instance (by design). It’s local only, it can just do backups. Having it send the highly critical information anywhere kind of defeats the security-purpose of it being local only. It adds a whole communications protocol that has to be secured, and somehow you have to authenticate the other side and so on. This also probably doubles the complexity (or at least size of the codebase) for the project, which then makes audits harder et cetera. Aegis currently does one thing (generate TOTP codes), and does this very well and as secure as it can without compromises.
Now for an actual answer: Most password-managers can also generate TOTP codes, like KeePass or KeePassXC to name two open source ones. But it’s their secondary purpose, with the primary obviously being storing the passwords. I’m not going to get into the implications of storing a TOTP code generator secret together with the password of the account it protects, let’s just say there are some. Since the actual secrets are stored in a (secured) database, you can sync these between devices. Or you can just create multiple TOTP generators for a single service and keep them separate.
Or we circle back to something server based, like BitWarden, which is primarily a password manager but also does TOTP. It’s a commercial, server based solution that is free for individuals. I’m not sure what the current limitations are for those accounts, like number of entries or just who you can share stuff with and so on. There is a open source implementation of their protocol called VaultWarden, where you can self-host the back end and not rely on the company securing their servers properly (and/or not being collateral damage in a breach of some kind). Again, combining password + TOTP-storage in the same service that is accessible online should be done with considerable thought to how it’s secured, but you could use this to only store the 2fa aspect as well.
Well yes, the most secure way would be a single source of OTPs, however I’m happy to compromise that slightly for convenience. Having 3-4 devices with access to the OTP database isn’t a huge increase in my attack surface. An attacker would still need to steal one of my devices, rather than one specific device. Those devices would also naturally be protected by additional factors.
I understand I would have to handle the syncing of the database for aegis, I was more curious if you knew of other clients that could use the same database format on other platforms.
I’m very aware it’s a bad idea to keep your OTPs in the same database as your passwords (and in fact already make use of keepass). I would probably not even sync the databases using the same mechanism
Bitwarden/vaultwarden does seem to be the front running option if there aren’t suitable clients for reading an Aegis database on other platforms, and I’ll just ignore the password manager aspects of it even if that means it’s a heavier solution than I’d have preferred.
Thanks for bearing with me on this