2FA

[ghost]

To use either Authy or Authenticator for TOTP is less secure, I will argue, than to use Password Store and/or Aegis.

Password Store uses gpg-encrypted plain text files to manage passwords and syncs with any git provider.

Password Store (Manage your passwords) - https://f-droid.org/packages/dev.msfjarvis.aps

Aegis Authenticator is open source (licensed under GPL v3) and the source code can be found here: http://github.com/beemdevelopment/Aegis

The issue with Authy is that it depends on a phone number which can be changed through an email request, allowing anyone access to HOTP/TOTP after an approximate 4-day wait period.

[OffcierCia]

Great tip!

[OffcierCia]

Added: https://github.com/OffcierCia/Crypto-OpSec-SelfGuard-RoadMap#problem-2