Isn’t the value of two factor auth that it requires a physical device (your phone or computer) with the auth key to authenticate you? Then why don’t many two factor auth apps seem to support syncing? If it’s fine to do so, are there any open source cross platform apps that sync keys?
You can use KeePassXC (with a dedicated vault or not), synced by another means (Nextcloud, Syncthing, Git, etc.).
Bitwarden has a FOSS client app and FOSS server apps exist (though the default service is not FOSS).
Syncing 2FA keys brings the danger with it that you accidentally sync the key to the device that is used for the first factor thus making it not 2FA anymore.
the default service is not FOSS
You mean server? If so, the server is also open source (https://github.com/bitwarden/server), but the default instance (bitwarden.com) is not totally free - you have to have a paid subscription for some of the features. If you self-host, then you have all the features (free and/or premium) - and this can also be done with Vaultwarden which is a FOSS alternative to the official server.
You mean server? If so, the server is also open source
That is what I meant. It is OSS but not FOSS because you need a key to start it.
Aegis w/ auto backup + syncthing
wait if i do this how can i see the codes on my pc
It’s considered bad form to do what you’re asking but most 2fa apps have a backup restore scheme now. Is that enough?
A physical token only authenticates itself as “something you have” if there’s no way to extract the key from it. In practice non-hardcore deployments usually have a backup procedure but in principle, if you want multiple tokens, they should have separate keys. What you’re asking in simplest form involves storing the key on a server where it can potentially spill in a server breach or the like. If the key protects something very valuable, that can be dangerous. If it’s for your old Reddit account, you might decide to do it anyway.
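Added example, not part of any comment in this thread: a minimal RFC 6238 TOTP (HMAC-SHA1) in Python showing why a synced key stops being "something you have", and why separate keys per token let one token be revoked without touching the others. The device names, the `accepted` helper and the second seed are constructed for illustration; the first seed is the RFC 6238 test seed.

```python
import base64, hashlib, hmac, struct

def totp(secret_b32, unix_time, digits=6, step=30):
    """RFC 6238 TOTP with HMAC-SHA1: the code depends only on the secret and the clock."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(unix_time) // step)   # 8-byte big-endian time step
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def accepted(enrolled_secrets, device_secrets, unix_time):
    """Hypothetical server check: names of devices whose current code matches an enrolled key."""
    valid = {totp(s, unix_time) for s in enrolled_secrets}
    return sorted(name for name, s in device_secrets.items()
                  if totp(s, unix_time) in valid)

# Constructed sample data (no real account secrets).
RFC_SEED = base64.b32encode(b"12345678901234567890").decode()    # RFC 6238 test seed
OTHER_SEED = base64.b32encode(b"constructed-2nd-seed").decode()  # made-up second key

# Case 1: one key synced to every device. Each copy is a full authenticator,
# including the copy on the machine that also holds the password.
SYNCED = {"phone": RFC_SEED, "laptop": RFC_SEED}

# Case 2: each token enrolled with its own key, so one can be revoked alone.
SEPARATE = {"phone": RFC_SEED, "backup-token": OTHER_SEED}

if __name__ == "__main__":
    t = 59  # timestamp from the RFC 6238 test vectors
    print("code from RFC seed:", totp(RFC_SEED, t))
    print("synced key, server trusts it:", accepted([RFC_SEED], SYNCED, t))
    print("separate keys, both enrolled:", accepted([RFC_SEED, OTHER_SEED], SEPARATE, t))
    print("separate keys, backup revoked:", accepted([RFC_SEED], SEPARATE, t))
```

With the synced key, the only way to cut off a lost or compromised copy is to re-enroll and replace the key everywhere.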
Why exactly is that? Because it’s reduced security?
Ente Auth
F-Droid: https://f-droid.org/packages/io.ente.auth/
For a quick brief read, it uses its own server to perform the sync.
You can easily self-host it:
https://help.ente.io/self-hosting
This is the correct answer.
You can create TOTP for login records in bitwarden and sync it of course. But make sure you protect your wallet key with additional security methods.
Bitwarden is the way to go.
There is the completely open source https://standardnotes.com/ which would support that via their syncing and the authenticator note type.
Unfortunately it does not look like their free plan allows you to use that note type. So could also host it yourself though (and pay for the premium token there or hack it out - it’s foss). Have never done that myself though.