One more step to unhitching from Google…
Right now the only option I see in F-Droid is Aegis.
I’m not sure what to actually look for aside from checking for unexpected permissions and reasonably frequent updates.
Hopefully something I can sync with a GNOME app…
The point of 2FA is “something you have” and “something you know” to enter a secured system.
If you put both of those into one system that is accessible by one password, the whole concept is defeated.
My threat model isn’t having someone take my computer and log into stuff, so my concern when using 2FA is more about them having gotten hold of a password remotely. But a TOTP makes that password pretty hard to use, no matter where it’s stored. And my BW is also protected by a Yubi/password combo, so I guess I’m just vulnerable to having that beaten out of me.
The other issue with this - If you lose access to that one system, you’re SOL. It’s a single point of failure.
That I could accept as a good reason.