Transcript
A wafrn woot (post) by @tinker@infosec.exchange saying "Microsoft Authenticator needs me to validate with Authenticator in order to log in with Authenticator to use it to authenticate another app with Authenticator. Here is the app telling me to open itself to validate itself with itself. #infosec #iHateComputers" It has a screenshot showing the microsoft authenticator app.
I use vaultwarden (passwords, mfa, etc), which moves the point of failure from a device I hold and am at constant risk of dropping, to the server it's running on that has no risk of being dropped. There are people that will scream 'you shouldn't store mfa with your passwords' but if someone already breaches my vault then I have WAY bigger problems, so the argument is moot. Just secure your shit correctly and it's nbd.
Then it becomes a case of data safety and integrity, so raid, snapshots, encrypted backups on and off-site, having those encryption keys accessible in a physical form near the server for recovery...