Ditch your 2FA / OTP apps!

Buttercup
2 min readDec 1, 2019

--

Two-factor authentication (2FA) is an absolute must in today’s online service environment, and it’s never been easier to use one-time passwords (OTPs) with all the great mobile applications out there. When enabling 2FA on your accounts you’re usually presented with a handy QR code that you’re able to scan on your phone to pop the OTP codes right into one of your authentication apps like Google’s or Microsoft’s Authenticator.

Wait.. but then your authentication procedure is entirely dependent on you having your phone too, right? Yes — To unlock 2FA accounts secured with this method, you need your phone on you. But what if you lose your phone or restore it without first remembering to deactivate all your 2FA settings on your accounts? 2FA is a blessing for security, but the accessibility side of things is still a curse when it comes to migrating phones.

It’s been a long-running issue with Google’s Authenticator regarding restoring OTPs after restoring an iPhone — you simply can’t. You need to trawl through all of your 2FA-enabled accounts to reset the 2FA settings.. What a pain!

To decouple 2FA from your device and to remove this problematic migration phase, we’ve introduced OTP support into Buttercup. As of right now, you can already use OTPs in the browser extension and mobile app, with the desktop application to follow suite shortly.

Buttercup’s OTP codes page on Android (left) and iOS (right)

The browser application can show OTP codes in the UI, but the mobile application allows for scanning and ingesting new QR codes that are presented when enabling 2FA — once these are added to your vault, you can then view the new Codes page to see all of your current OTPs.

Storing your OTP authentication URIs within Buttercup is a great way to ensure that you don’t lose them if you lose your device (or simply don’t have it nearby). Using your string & unique vault password you can keep your codes safely protected in your vault, alongside all of your other passwords, so that they’re available wherever Buttercup is — on any device.

Coming soon to iOS and Android — version 1.12. Currently only TOTP protocol supported.

--

--

Buttercup

Free, accessible, cross-platform password manager for everyone. Manage your secrets easily on every device — never be locked out. https://buttercup.pw