On Mon, May 2, 2022, at 23:25, lilydjwg wrote: > Google doesn't disable app passwords (requires 2FA). Google is going to > disable account passwords login at the end of this month.[1] > > I've switched to OAuth because I don't want to enable 2FA (which means > if I lost all my devices, I would lose access to my Google account).
Your concern is valid, but I think there are ways around it, and using application passwords looks to me like a good security practice. What I personally do is to store the 2FA tokens in Authy in the phone, but also keep a backup copy (that sometimes is the working copy, as I don't always have the phone in the same room with me) in a KeePassXC[1] vault that I sync in Dropbox and in a couple of other machines I have access to. As long as you have access to this password file, you have access to your TOTP tokens. Cheers, [1] https://keepassxc.org/ -- José María (Chema) Mateos || https://rinzewind.org