nullpay.
Back to toolkit
IdentityQuick win10 minall

2FA Hierarchy

Risk

The risk

Why this matters

SMS 2FA is vulnerable to SIM swapping — a trivial social engineering attack where someone convinces your carrier to transfer your number. Not all 2FA is equal: SMS < TOTP < hardware keys.

Recommended tools

What to use

Ente Auth
Ente AuthOSSFree

End-to-end encrypted TOTP authenticator. Cross-platform backup.

Aegis
AegisOSSFree

Android-only 2FA with encrypted vault export. Open-source.

2FAS
2FASOSSFree

Simple 2FA app (Android + iOS) with browser extension. Open-source.

YubiKey
YubiKey

Hardware security key. Phishing-proof. The gold standard for 2FA.

Setup guide

How to set it up

  1. 1

    Install Ente Auth or Aegis (Android) as your TOTP authenticator

  2. 2

    For every account that supports it: switch from SMS 2FA to TOTP

  3. 3

    Start with critical accounts: email, banking, password manager

  4. 4

    Back up your TOTP seeds — Ente Auth does this with E2EE cloud backup