How to still use Authenticator/TOTP as primary 2fa on Google accounts

Posted by mzuke@reddit | sysadmin | View on Reddit | 4 comments

I understand Google wants TOTP to die and won't let you set it up on new accounts and you cannot setup TOTP on those accounts until you setup 2fa using either Push, SMS, Passkey or H/W token Sometimes with services accounts or other shared accounts you don't want them tied to a phone in that way, enter "soft hardware tokens" from Chrome https://developer.chrome.com/docs/devtools/webauthn/ Create the account using hardware key using the Chrome dev soft hw key, setup Authenticator/TOTP in account security, remove hardware key and now TOTP is the primary and only form of 2fa on the account I understand why TOTP is less secure but it also still has it's place and it is annoying that Google has walled off the option, specially while most of their documentation hasn't been updated to reflect this

4 Comments

[-]

malikto44@reddit

It is annoying, especially with SMS still allowed. TOTP isn't weak. In fact, it is a nice, portable protocol. If I don't like one app, I copy the shared secret to another PW manager, and it works there. I'm guessing, share the passkey (which is a private key), and hope that can be exported and moved between apps, but that is hit or miss.

How to still use Authenticator/TOTP as primary 2fa on Google accounts

Reply to Post

4 Comments

malikto44@reddit

bageloid@reddit

sniff122@reddit

Valdaraak@reddit