this post was submitted on 13 Oct 2025

123 points (97.7% liked)

Selfhosted

52311 readers

713 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

ruud@lemmy.world

CannaVet@lemmy.world

Loki@lemmy.world

HybridSarcasm@lemmy.world

devve@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

123

What are you all using for a 2FA token manager? (lemmy.blahaj.zone)

submitted 5 days ago by BonkTheAnnoyed@lemmy.blahaj.zone to c/selfhosted@lemmy.world

111 comments fedilink hide all child comments

One more step to unhitching from Google...

Right now the only option I see in F-Droid is Aegis.

I'm not sure what to actually look for side from checking for unexpected permissions and reasonably frequent updates.

Hopefully something I can sync with a GNOME app...

top 50 comments

sorted by: hot top controversial new old

[–] bitwolf@sh.itjust.works 15 points 4 days ago

Aegis

[–] pipe01@programming.dev 72 points 5 days ago

I use Aegis, it works well

[–] deathbird@mander.xyz 60 points 5 days ago

I like Aegis.

[–] ClydapusGotwald@lemmy.world 10 points 4 days ago (1 children)

Ente

[–] gajahmada@awful.systems 5 points 4 days ago (1 children)

Ente

[–] poolhelmetinstrument@lemmy.world 2 points 4 days ago (1 children)

Ente

[–] agelord@lemmy.world 4 points 4 days ago (1 children)

Ente

[–] antimongo@lemmy.world 2 points 4 days ago (1 children)

Ente

[–] Regulator0394@lemmy.dbzer0.com 2 points 3 days ago (1 children)

Ente

[–] glnpf148@lemmy.world 3 points 3 days ago

Gans

[–] zingo@sh.itjust.works 22 points 5 days ago (2 children)

Aegis.

I like the auto backup feature (encrypted) . Then the backup is synced to computer via Syncthing.

Set and forget setup.

load more comments (2 replies)

[–] salacious_coaster@infosec.pub 49 points 5 days ago (4 children)

Bitwarden. I don't self host it, though. $10 a year for password management and 2FA is fine by me.

[–] TedZanzibar@feddit.uk 6 points 5 days ago

It's niche but I like to point it out whenever I get the opportunity: if your workplace uses Bitwarden Enterprise, every licensed user gets a free family plan that can be linked to any account. I haven't personally paid for BW for years.

[–] HereIAm@lemmy.world 7 points 5 days ago (1 children)

Same. Self hosting it sounds nice, and I self host a handful of services, but I don't want to be stuck without passwords in another country with a dead server at home because a power cut happened at some point.

[–] gaylord_fartmaster@lemmy.world 19 points 5 days ago (2 children)

Bitwarden caches your vault to your device, so you don't actually need a live connection to the server.

[–] az04@lemmy.world 6 points 5 days ago (1 children)

I had fault in my server this summer and my local bitwarden app wouldn't work without the connection. Same in my laptop, if the connection is blocked by the firewall it doesn't let me load the vault at all.

load more comments (1 replies)

load more comments (2 replies)

[–] lka1988@lemmy.dbzer0.com 7 points 4 days ago

I use Aegis, automatically backed up every time a new key is added. Was using Authy for a while, but they're going down the enshittification hole, so I dumped them.

[–] Unlearned9545@lemmy.world 17 points 4 days ago (11 children)

Bitwarden

[–] Landless2029@lemmy.world 9 points 4 days ago (1 children)

I'm a little concerned about having OTP and passwords together in one system.

[–] waspentalive@lemmy.world 3 points 4 days ago (1 children)

OTP is on my phone, Bitwarden is on my computer. I don't use the OTP in Bitwarden.

[–] Landless2029@lemmy.world 2 points 4 days ago (1 children)

This is the way. I use Bitwarden and Aegis.

The issue here is putting Bitwarden on your phone with OTP in Bitwarden.

[–] waspentalive@lemmy.world 2 points 2 days ago

On the phone, I use Authy, More eggs - more baskets.

load more comments (10 replies)

[–] asudox@lemmy.asudox.dev 26 points 5 days ago

I use Aegis on my phone.

[–] cmnybo@discuss.tchncs.de 41 points 5 days ago (6 children)

I've been using KeePassXC. I use Syncthing to keep the database synchronized between computers.

load more comments (6 replies)

[–] Curious_Canid@lemmy.ca 17 points 5 days ago

I've been using Aegis for several years now without any problems. It replaced the Google Authenticator seamlessly.

[–] erev@lemmy.world 4 points 3 days ago

Bitwarden as Vaultwarden enables TOTP.

[–] Lettuceeatlettuce@lemmy.ml 4 points 3 days ago

Aegis for time codes, Nitrokey for physical 2FA tokens.

[–] spacelord@sh.itjust.works 21 points 5 days ago

Aegis ♥️

[–] Appoxo@lemmy.dbzer0.com 21 points 5 days ago

Aegis

[–] fubarx@lemmy.world 18 points 5 days ago (1 children)

load more comments (1 replies)

[–] nickiam2@aussie.zone 3 points 4 days ago

Yubikey. It supports TOTP as well as passkeys. Plus is a physical device separate from my phone. Recommend getting 2 to have 1 as backup

[–] NotMyOldRedditName@lemmy.world 3 points 4 days ago

Yubikeys. I think everyone should get a couple (need 2 in case 1 lost)

[–] blackbarn@lemmy.zip 9 points 5 days ago

Vaultwardwn/bitwarden + a yubikey for bitwarden itself and a few others

[–] vrighter@discuss.tchncs.de 8 points 5 days ago

keepassxc and a yubikey. And syncthing to keep all devices in sync

[–] nullpotential@lemmy.dbzer0.com 12 points 5 days ago

Enteauth

[–] MrSulu@lemmy.ml 2 points 3 days ago

Ente Auth

[–] sbeak@sopuli.xyz 9 points 5 days ago

Aegis seems like a pretty good 2FA app on Android from what I’ve heard. Personally, I use Ente Auth as sync is very helpful when I don’t have my phone nearby (you can either use the desktop app or use your browser, both work). Don’t think you can self-host sync, though I might be wrong. Ente Auth also works without sync, so there’s that.

I would not suggest using a password manager’s 2FA integration (e.g. Bitwarden, I think Proton Pass has one if you use that?) as it kind of defeats the point of 2FA, since if someone got access to your password manager, they would also get the 2FA codes.

[–] retro@infosec.pub 10 points 5 days ago (3 children)

Proton Authenticator. Has both Desktop and Mobile apps. Free. Don't have to sync to Proton.

load more comments (3 replies)

[–] AMillionMonkeys@lemmy.world 12 points 5 days ago

Bitwarden Authenticator because Bitwarden seems to have a good reputation. I don't use their password manager, though.
It does seem faintly insecure that it displays all of the codes at once on one page, but I'm having trouble imagining a scenario where it's actually a problem.

[–] poccalyps@sh.itjust.works 11 points 5 days ago (1 children)

2FAS Authentication

load more comments (1 replies)

[–] Cyberflunk@lemmy.world 10 points 5 days ago (1 children)

1password

load more comments (1 replies)

[–] gagootron@feddit.org 9 points 5 days ago

Yubikey. I dont want to trust my phone, so I use some separate hardware instead

load more comments