2FA

From Wildsong

2FA is short for "2 factor authentication", which, for me, is based on these:

  1. Special hardware (e.g. ETrade)
  2. Twilio Authy (In addition to devices it runs on desktops too, including Linux)
  3. Google Authenticator (It turns out this is completely redundant.)
  4. SMS

Listed in order of personal preference. There are others. Mostly the method is "TOTP", which translates to "Time-dependent One Time Password". SMS is the least secure; avoid this one.

I want to try one of the commercial widgets, um, brand? Probably YubiKey, but I don't want to pony up the $45 per token (= $90, because one for me and one for backup). The idea here is that you plug the widget in as a USB device and then, as long as it's plugged in, you don't need to type the 2FA code. There is a feature in Psono that lets you leave the TOTP device on one computer and access the code through a Psono client.

Migrating to > 1 device

I needed redundancy and I started out with Google Authenticator, which meant everything was on one phone. If I left the phone at home then I basically couldn't log in to any service with 2FA for the day. This was very bad.

Twilio Authy -- add more devices whenever it's convenient. Use a phone or a desktop. https://www.techrepublic.com/article/how-to-set-up-authy-on-multiple-devices-for-more-convenient-two-factor-authentication/

Google Authenticator -- cancel service at each provider, then add back in and set up all devices at the same time. Not convenient. Since I had to cancel service everywhere I had Google Auth, I migrated everything to Authy and then removed Authenticator from my phone.

I now have all 2FA accounts (except ETrade) in Authy, and it takes about 30 seconds to add additional clients. So, I have Authy installed on my work computer and I can leave my phone at home whenever I want!

Authy guidelines

https://authy.com/blog/understanding-2fa-the-authy-app-and-sms/