2024-11-02

Bitwarden Cheat Sheet (and Bitwarden Authenticator)

Here is quick information on how to get started with my favorite password manager and two-factor authentication (2FA) authenticator.

This old blog post of mine has some great background:

https://www.gsharratt.com/2020/03/set-up-password-manager-nice-covid-19.html

It talks about why you need a password manager in your life.  (Ignore the mention of LastPass, 1Password, and Authy.)

The password manager I recommend (free for the low tier, which is still great) is Bitwarden:

https://bitwarden.com/products/personal/

You'll install and use this on all your computers and mobile devices (phones, tablets), and your data will sync between them.

The two-factor authentication (2FA) authenticator I recommend is Bitwarden Authenticator:

https://bitwarden.com/products/authenticator/

You'll install and use this on one or more of your mobile devices -- there is no desktop app. Bitwarden Authenticator stores TOTP tokens, those 6- (or 8-) digit codes that change every 30 seconds.

It's important to understand that Bitwarden Authenticator works fundamentally differently than Bitwarden itself.  Bitwarden is a cloud-based service with a set of desktop and mobile apps, and the cloud service both stores your vault and keeps each device in sync with the cloud vault.  Bitwarden Authenticator, though, is only a set of mobile apps, with NO cloud service doing storage or syncing between devices.

As a result, if you install Bitwarden Authenticator on more than one mobile device (which I recommend), your data will NOT sync between them.  When you add a new TOTP token, you'll have to manually add it to the Bitwarden Authenticator app on ALL of your mobile devices.  (The same is true for deleting a token.)

Install the password manager, Bitwarden, then get your most important accounts (especially your email account) moved into it.  Then change the passwords on those accounts to be long (say, 30 characters) and random, using the password generator in Bitwarden.

Then install the authenticator, Bitwarden Authenticator, and use it to add TOTP 2FA to your most important accounts.  Then add 2FA on your other accounts.  Then move your other accounts into Bitwarden and change their passwords as described above.

I recommend that you add every new TOTP token not only to the Bitwarden Authenticator app on all your mobile devices, as mentioned above, but also to your Bitwarden vault, for resilience.

You'll find more instructions here: 

https://bitwarden.com/learning/getting-started-as-an-individual-user/

(Note: A few services, like Google and Microsoft, already have Push 2FA, and some services offer the use of a passkey for login or 2FA; both of these are stronger than TOTP, but that's beyond the scope of this post.)  

If you do have your TOTP tokens in Bitwarden and one or more Bitwarden Authenticator apps, you'll need to manually add any new token to ALL of those things.  Adding a new token to Bitwarden will NOT add it to your Bitwarden Authenticator apps, and adding a new token to one Bitwarden Authenticator app will NOT add it to your other app(s).

For adding a TOTP token using a QR code, the usual case, that means you must scan the QR code on your Bitwarden mobile app AND on ALL of your Bitwarden Authenticator apps -- and you must do ALL these scans BEFORE clicking on the Done/OK (or similar) button on the web page that is displaying the QR code.  (If you forget, though, it's no big deal: you can copy a token code from any of the apps and create the missing token(s) in the other app(s).)
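What that QR code actually carries, and why the same token scanned into Bitwarden and several Authenticator apps yields identical codes, as an added example (not code from this post or from Bitwarden): a small RFC 6238 implementation with a parser for the otpauth URI inside the QR code. The URI and account label are constructed; its secret is the RFC 6238 reference key, so the codes can be checked against the RFC's test vectors.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, unquote, urlparse


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP with HMAC-SHA1, the algorithm behind nearly every TOTP QR code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation
    word = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(word % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6, period: int = 30) -> str:
    """RFC 6238 TOTP: the counter is the number of `period`-second steps since the epoch."""
    return hotp(secret, unix_time // period, digits)


def parse_otpauth(uri: str) -> dict:
    """Extract what a TOTP QR code really holds: a shared secret plus a few parameters."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not an otpauth://totp URI")
    q = parse_qs(u.query)
    b32 = q["secret"][0].replace(" ", "").upper()
    b32 += "=" * (-len(b32) % 8)                          # QR secrets are often unpadded
    return {
        "label": unquote(u.path.lstrip("/")),
        "secret": base64.b32decode(b32),
        "digits": int(q.get("digits", ["6"])[0]),
        "period": int(q.get("period", ["30"])[0]),
    }


def code_for(uri: str, unix_time: int) -> str:
    """The code any app that scanned this QR code would display at `unix_time`."""
    p = parse_otpauth(uri)
    return totp(p["secret"], unix_time, p["digits"], p["period"])


# Constructed example URI (hypothetical account). Its secret is the RFC 6238
# reference key "12345678901234567890" in base32, so results match the RFC.
EXAMPLE_URI = ("otpauth://totp/Example:alice%40example.com"
               "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&digits=6&period=30")

if __name__ == "__main__":
    # Two "apps" that scanned the same QR code hold identical secrets and therefore agree.
    app_a, app_b = parse_otpauth(EXAMPLE_URI), parse_otpauth(EXAMPLE_URI)
    assert totp(app_a["secret"], 59) == totp(app_b["secret"], 59) == "287082"
```

Because the secret, not the changing 6-digit code, is what the QR code transfers, any app holding a copy can regenerate the same codes, which is why re-adding a forgotten token from another app works.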

If you already have Bitwarden running and you've been adding TOTP tokens to it, and now you're adding Bitwarden Authenticator, you can export your Bitwarden vault as a JSON file and import that file into Bitwarden Authenticator; only the TOTP tokens will be loaded into Bitwarden Authenticator.  This will give you a second source of tokens, increasing your resilience.  And whenever you need the TOTP token for your Bitwarden account in order to log into Bitwarden itself, you can get it from Bitwarden Authenticator.