I’m going to start out by stating that I am a strong advocate of two-factor authentication (2FA) on pretty much all services, and I am the kind of person who enables it on all services I use.
But I have found myself running into an odd situation recently. As an IT professional, you will find yourself logging into many accounts for many companies in your time, and I am no exception to this. The issue is that I am setting up 2FA on all these accounts, so I have now found myself in a situation where I have 37 2FA accounts on my phone. This may not be a lot to some people, but to me, this is starting to become an issue.
So, why do I have 37 2FA accounts on my phone? Mainly online services, like most people, though unlike most people I have access to three Cloudflare accounts and three AWS accounts. I also use 2FA for a couple of servers I access where PKI is not applicable, or which I am not the administrator of.
My current workaround/management of 2FA is to split them up into separate apps.
Starting with good old simple Google Authenticator, I use this for the aforementioned servers and a couple of accounts I don’t want to have the keys for stored online, such as my ProtonMail account. Next up is Authy; I use this one for the 2FA I am using for clients whose services I have access to, keeping things independent and relatively secure. And, finally, I use LastPass Authenticator for my personal accounts.
Is there a solution? Honestly, I don’t know. There has been a massive push in the industry, by consumers, over the last few years to allow users to use 2FA on anything they want, and thanks to services such as twofactorauth.org, we have seen companies starting to implement it, though a lot are using SMS 2FA, which is no longer recommended by GCHQ or NIST, but it’s still a massive leap forwards compared to no 2FA.
In summary, I am glad that 2FA is becoming a lot more mainstream in availability, even if end-user pickup is still so little. Though I am looking forward to the next evolution of two-factor authentication.
Any comments on alternative solutions would be much appreciated; I may have to look into getting a YubiKey.
Edit: As Authy now has search functionality on iOS (blog post), I have now moved everything to that, so I no longer need to worry about thinking of where my MFA/2FA codes are. (As it has been pointed out, yes, I know I mixed up 2FA and MFA in my post, thanks for the info ^_^.)