this post was submitted on 20 Jul 2023
27 points (96.6% liked)


So I selfhost Vaultwarden, which allows TOTP, but I like to keep my 2FA and password manager separate, so I'm looking for something like Vaultwarden which can sync up with my server, but for 2FA only. I came across 2FAuth, which can do it, but it only has a web app, so if there is an alternative service with a client for iOS and Android, it would be a lifesaver. Thanks in advance for any suggestions or recommendations.

[–] herrfrutti 17 points 1 year ago* (last edited 1 year ago) (2 children)

Does it need to be selfhosted, or is an open source app okay? Okay, I've not read all of your post... there is no iOS client for Aegis... I use Aegis: https://github.com/beemdevelopment/Aegis

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago) (2 children)

Yes actually I'm personally using Aegis rn, but I'm okay with backing up and having backup sync elsewhere, and then do the restore if I switch or something.

But I'm actually looking for a selfhosted solution for my sibling and parents, as they are not that tech savvy, so it would be a headache for them to think about backup, sync and restore. They need something which is a simple login-and-go solution like Vaultwarden (Bitwarden) with automatic server sync, where they can enter a link or use an app to access it.

[–] ellesper 2 points 1 year ago

Frankly, if they aren’t tech savvy, you should just have them use Authy. No, it’s not open source, but it’s just fine for the average user.

[–] [email protected] 4 points 1 year ago

I use Aegis as well. I auto backup the files to my NAS at home

[–] [email protected] 12 points 1 year ago (1 children)

Here's a crazy idea...

Why not use another Vaultwarden account? :D

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago) (1 children)

Lol, I just came up with such a crazy idea 45 mins ago while replying to another comment. Here I went crazier and thought of a whole 2FA instance instead of an account: https://lemmy.dbzer0.com/comment/1144220

[–] [email protected] 6 points 1 year ago (1 children)

That's overkill and doesn't give any extra security. Multiple accounts are more reasonable.

[–] ech0 -1 points 1 year ago

You're just objectively wrong. 2 instances will ALWAYS be more secure.

[–] [email protected] 6 points 1 year ago (2 children)

In my opinion the best 2FA is a YubiKey. They have a TOTP app too, but I prefer WebAuthn.

[–] [email protected] 3 points 1 year ago (1 children)

I wish that cloudflare deal was still available. They are pretty expensive at RRP, although probably worth it on balance.

[–] [email protected] 2 points 1 year ago (1 children)

If yubikeys are too expensive for you, you can use the security keys. Webauthn is supported, but not TOTP. You could use vaultwarden or bitwarden for TOTP and the Security key as 2FA for bitwarden 🤔

[–] [email protected] 2 points 1 year ago

I'm actually using KeePassXC etc. at the moment and am waiting on them to support hmac-secret so the cheaper security keys work. Although I'm willing to switch to Vaultwarden, I'd be more comfortable with both supporting it before I invest in it.

[–] pahakala 2 points 1 year ago (1 children)

Do you have two or more YubiKeys? How do you handle sites that only allow registering a single WebAuthn dongle? How do you handle backup 2FA?

Losing my YubiKey is the main reason why I haven't used it yet for WebAuthn. I just use pass and OpenPGP keys stored on the YubiKey, as that way it was possible to back up the encryption private key to a separate USB drive that can be used to restore it later if needed.

[–] [email protected] 3 points 1 year ago

I have 2 YubiKeys, one for backup in a safe place. If a site only allows one key, like PayPal, I use another method. YubiKeys are for 2FA on my Nextcloud and Bitwarden mainly. Both have backup keys in case you lose them. Those keys are printed out and stored in a safe place too.

[–] [email protected] 3 points 1 year ago (2 children)

For people who don't mind it not being self hosted: Authy is good for this. You can also set a backup password (to encrypt your tokens on their servers) and optionally use it cross device.

You can allow multi-device temporarily to set up, then disable it to not allow new devices, etc.

(I get you didn't ask this specifically, but figure it could be useful to someone else).

[–] [email protected] 3 points 1 year ago

Authy is great, but I really wanna selfhost 2FA, as I personally ran into an issue back in 2019 or 2020 where Microsoft Authenticator suddenly lost 2FA cloud sync backup, so I had to send my legal ID proof for multiple accounts for them to disable 2FA, while I still didn't recover my old Instagram account as face verification kept on failing and Meta's human support is nonexistent. This happened for multiple users on Microsoft Authenticator, and it was showered with negative reviews on the Play Store back then. Since then I don't trust cloud sync for anything, so I used Aegis and did auto backups and sync on that, but currently I'm looking for something simple for my parents which can autosync without them worrying about restoring backups, where they can just log in and use it. Details mentioned here: https://lemmy.dbzer0.com/comment/1142860

[–] pahakala 3 points 1 year ago

There is also an authy-export tool that makes it pretty easy to export all the tokens to a selfhosted pass repo.

[–] [email protected] 1 points 1 year ago (1 children)
[–] [email protected] 2 points 1 year ago (1 children)

Agreed. I'm using Aegis already, but looking for something to work more like Vaultwarden with autosync, for my parents mainly. Complete details are mentioned here: https://lemmy.dbzer0.com/comment/1142860

[–] [email protected] -1 points 1 year ago (1 children)

@fedonr Vaultwarden also has 2FA option. You can use that if it fits in their workflow.

[–] [email protected] 1 points 1 year ago

True, but as I shared in the original post, I like to keep my 2FA separate from my password manager for additional security. But you did give a great idea. I'll try to run 2 separate instances of Vaultwarden, 1 for the password manager and a 2nd for 2FA only. I'll check how that works out and update it here. Thanks tho.
