
People complaining about an "Authy jail" and yet I have no issues with Aegis. Which is also open source, available in the F-Droid store, and has been around for years.


I never even heard of this Authy issue but people seem up in arms over it.

What I have seen though are Microsoft and Google trying to maneuver their own auth app and hiding the generic OTP option to lock people in.

As long as I can use any generic OTP app I'm happy, and Aegis is definitely my current favorite. I mean I'm a person with close to 50 OTP codes at this time, this is a serious tool in my life.


Aegis, Bitwarden Authenticator, FreeOTP, and now Ente Auth. These are the best ones.


+1. I just host my own Vaultwarden server, and then I have all my 2FA secrets in my vault as well. Works very conveniently with autofill enabled by default for OTP codes.

I just have a strong vault password for my vault and that should be more than enough I guess


I use Bitwarden for passwords, so... I don't really like that much, having 2FA there too... It loses the purpose of the 2FA.


Bitwarden has a separate 2fa app so your totp codes aren't in the same password vault (though you can do that, but shouldn't).


Why shouldn't you?

I use a YubiKey as the 2FA for my Bitwarden, then store all the TOTP codes with the passwords in the same vault. Quite convenient, and it also adheres to the principles of MFA.


If your one Bitwarden store were compromised in any way, it is game over since it also contains the 2FA codes.

If you were to use two apps / two stores, there is another hurdle.


That is exactly why I do it.


Not really? Even in the same basket, having TOTP and passwords on iCloud mitigates a lot of scenarios, such as leaked passwords.

Depending on your threat model, this solution is ok — way better than no 2FA at all or SMS.

1Password has a nice article regarding this point: https://blog.1password.com/1password-2fa-passwords-codes-tog...


Add 2FAS to that.


Am I misunderstanding your comment or do you think that Authy is the same as Aegis?

Anyway, Aegis and Ente have export options; Authy doesn't.


More like, why do they complain if alternatives exist.


Authy supports normal TOTP but also has its own proprietary TOTP format for which alternatives do not exist.


This^

It is a pain to switch over; but that is the way it is with all sorts of proprietary programs. They just tighten the noose regardless of whether you pay or not.


You're right, it's a pain to switch, BUT: you only have to do it once, if you do it right. Switch to an alternative that gives you the functionality you need (TOTP, and that's it, for me at least) and allows you to export your data to a format that can be reimported to another application at another time (or restore from it in case catastrophe hits).

Once you get rid of the noose, it's no longer a hassle.

For everyone going through this situation, please do a little bit of homework and read up on the capabilities of whatever alternative you're going to pick, and make sure that your data is yours and under your control, and you can back it up in a readable format.
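For plain TOTP, the "readable format" the comment above asks for is in practice the otpauth:// URI: a Base32 secret plus issuer, algorithm, digits and period, which is what generic authenticator apps import and export. As an added example (not code from Authy, Aegis, Ente or any other app mentioned in this thread), here is a small Python script that parses such a URI and derives codes per RFC 4226 (HOTP) and RFC 6238 (TOTP). The sample URI is constructed here from the RFC 6238 test key "12345678901234567890"; only the totp type is handled, and hotp entries or Authy's proprietary format are out of scope.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Added example, not code from any authenticator app discussed in the thread.
# Parses an otpauth://totp/... URI (the common export/import interchange
# format) and derives codes per RFC 4226 / RFC 6238.

_ALGORITHMS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def decode_base32_secret(secret: str) -> bytes:
    """Decode a Base32 secret; tolerate lowercase, spaces/dashes and missing '=' padding."""
    cleaned = secret.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned, casefold=True)


def parse_otpauth_uri(uri: str) -> dict:
    """Return {issuer, account, secret, algorithm, digits, period} from an otpauth://totp URI."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc.lower() != "totp":
        raise ValueError("only otpauth://totp/ URIs are handled here")
    label = unquote(parts.path.lstrip("/"))
    # The label is either "Issuer:account" or just "account".
    if ":" in label:
        label_issuer, account = label.split(":", 1)
    else:
        label_issuer, account = "", label
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "secret" not in query:
        raise ValueError("otpauth URI has no secret parameter")
    algorithm = query.get("algorithm", "SHA1").upper()
    if algorithm not in _ALGORITHMS:
        raise ValueError(f"unsupported algorithm {algorithm}")
    digits = int(query.get("digits", "6"))
    if digits not in (6, 7, 8):
        raise ValueError("digits must be 6, 7 or 8")
    period = int(query.get("period", "30"))
    if period <= 0:
        raise ValueError("period must be positive")
    return {
        "issuer": query.get("issuer", label_issuer),
        "account": account.strip(),
        "secret": decode_base32_secret(query["secret"]),
        "algorithm": algorithm,
        "digits": digits,
        "period": period,
    }


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm: str = "SHA1") -> str:
    """RFC 4226: HMAC over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), _ALGORITHMS[algorithm]).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)  # keep leading zeros


def totp(entry: dict, at_time: int) -> str:
    """RFC 6238: HOTP with counter = floor(unix_time / period)."""
    counter = at_time // entry["period"]
    return hotp(entry["secret"], counter, entry["digits"], entry["algorithm"])


def seconds_remaining(entry: dict, at_time: int) -> int:
    """Seconds until the current code rolls over."""
    return entry["period"] - (at_time % entry["period"])


if __name__ == "__main__":
    # Constructed sample: RFC 6238 SHA1 test key "12345678901234567890" in Base32, 8 digits.
    sample = ("otpauth://totp/Example:alice%40example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&digits=8")
    entry = parse_otpauth_uri(sample)
    now = int(time.time())
    print(entry["issuer"], entry["account"], totp(entry, now),
          "valid for", seconds_remaining(entry, now), "s")
```

Because the URI carries everything needed to regenerate codes, a plain-text export of these URIs is a complete, app-independent backup of TOTP secrets; it is also exactly the material that must be stored and encrypted with as much care as the passwords themselves, which is the trade-off discussed earlier in the thread.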


The "jail" is having ~100 secrets there that you cannot take out, so moving out is adding new 2fa on each service.



