2fa recommendation for google

username1234

Looks like nowadays we can get locked out of our google account anytime if we don’t have 2fa setup, even if we know the credentials. So I’m wondering what’s the best privacy focused way to 2fa google account? (Besides email and phone).

Possible to do 2fa via Tofu app (or any other better app?), if i do it via that app, google can collect from informations from my phone? (Running iOS)

p338k

username1234

I like Aegis.

Phead

I can recommend Aegis as well.

As far as I'm aware of there is no data exchange between google and your 2FA app. Usually you get a key (QR code or cipher) and add it to your app. Done. The 2FA code is generated locally on your device without any connection to google.

dregrinfuces

I'm using Yubikeys:
https://www.yubico.com/

p338k

dregrinfuces

Yubikey is nice. It is disappointing that Android has poor support for them.

bookreader

Any TOTP application you like will work. Just choose the "google authenticator app" option -- in reality it works with ANY authenticator.

boldsuck

p338k Yubikey is nice. It is disappointing that Android has poor support for them.

You can use your phone itself as a 2FA key. Use your phone's built-in security key

Generally: Always have backups for 2FA. I have YubiKeys, SoloKeys, NitroKeys and OnlyKeys + andOTP (TOTP App) & gpg encrypted backup. YubiKey is proprietary, everything else is open source.
I use my hardware Pin protected OnlyKeys the most. For PW, 2FA and FIDO2 SSH keys.

Aeon

I am using Aegis Authenticator for TOTP 2fa :-)

[deleted]

Proton Pass ;)

newbie24689

[deleted] Some questions, please:

(My situation: I have a proton mail account, and still have gmail account which I want to access from my GOS P7, a windows laptop, and a Linux laptop.)

Presuming you have a gmail account and that you access it from multiple devices, and each device is using proton pass:

How did you configure gmail? (e.g. indicate "google authenticator" for GOS, then use PP on GOS, and extensions on firefox and/or windows laptop?)
Does Proton Mail coordinate the various uses of Proton Pass?
Was your first use of PP and 2fa on your GOS Phone?
TIA

[deleted]

I'm using https://github.com/Bubka/2FAuth in a docker and hosted at my house. I'm connecting via VPN when I need

DeletedUser245

boldsuck Solokeys1 works with pixels? Do you use some app with it?

boldsuck

DeletedUser245 Solokeys1 works with pixels?

Neither SoloKey1 nor SomuTiny. Pixel has a Titan Security Key built in. The link above explains how you can use it to log in to Google.
Although you can use an Onlykey-DUO on phones, I prefer OTP apps on Android.
andOTP (unfortunately discontinued, but can do OpenPGP-encrypted backups) Aegis can import the entries of andOTP & lots of other authenticators.

If you use 2FA you need an OTP app and hardware sec key(s) anyway.

missing-root

Yubikey is proprietary and their firmware cannot be upgraded. So you need to buy a new one if you need more features or a security fix.