Yesterday, I accidentally removed an authenticator app from my phone. Fortunately, I have another copy of the app on a different device. It made me realize how easy it is to lock myself out of my accounts. Do you think it’s a good idea to create a Windows VM with an Android emulator on it and install copies of all my authenticator apps, this will not cause any security issues?
why not consolidate your auth apps?
i use selfhosted vaultwarden (with backups ofc) for everything, except for vaultwarden, which is protected by authy . and authy can be backed up easily
I backup the data but not the apps
Sane MFA apps explicitly disallow their data from being backed up. That would be a massive attack vector if it was possible.
Which is exceedingly dumb IMHO. Sure it would be a vector, but it’s a vector to something that should be an additional step to username and password. Idk, I use vaultwarden and find myself worrying less about “what if?”. I’m also enabling TOTP far more often now that I can easily add it to my phone and have it sync to other systems.
Instead of authy, may I suggest Ente Auth. It works the same as authy but is open source.