this post was submitted on 19 Aug 2023
145 points (98.0% liked)

Open Source

31224 readers
261 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

If proprietary app is better and more robust I am willing to try it and assess it myself.

(page 2) 50 comments
sorted by: hot top controversial new old
[–] Supercharger@lemm.ee 2 points 1 year ago (2 children)

Does anyone have any suggestion for iOS? Raivo seems to fallen from grace recently.

[–] ScoobyDoo27@lemm.ee 2 points 1 year ago (1 children)

What’s wrong with Raivo?

[–] Supercharger@lemm.ee 1 points 1 year ago

It's recently been bought by a generic mobile app development company. This thread has more discussion on the topic.

[–] CrescentMadeJr@beehaw.org 2 points 1 year ago

Bitwarden. Works with autofill too.

[–] library_napper@monyet.cc 2 points 1 year ago* (last edited 1 year ago) (4 children)

andOTP is the only app I know of that's on F-Droid and has a feature to make an encrypted backup to a file.

Unfortunately it hasn't been updated in awhilee, but I dont think there's an alternative.

load more comments (4 replies)
[–] tajnymag@czech-lemmy.eu 2 points 1 year ago

The official GitHub app. Yes, it's not universal for other sites, but you get 2FA and a much more pleasant browsing experience.

For a universal solution, give Aegis a try.

[–] NENathaniel@lemmy.ca 2 points 1 year ago

I really like 2FAS, open source, looks and feel polished, no complaints

[–] edgan@lemmy.ml 2 points 1 year ago* (last edited 1 year ago) (2 children)

I actually try to use authenticator apps as little as possible. Having to unlock your phone and open the app each time is too much hassle.

Instead I have four Yubikeys, not security keys, that I store my OTP 2FA codes on. One for personal codes, one for work codes, and the other two as backups for the first two. The backups protect me from hardware failure, the keys being stolen, or lost. One downside of the backup plan is having to scan the QR code twice, once per Yubikey.

Each Yubikey can store 32 OTP codes on the smart card part of the Yubikey. The 32 code limitation is why I have personal and work codes on separate keys. I did run into this limit.

This isn't the cheapest solution. In addition you could argue it also isn't the most secure, but that depends on the attack vector and circumstance.

With this setup I can use the Yubico Authenticator desktop to copy and paste the codes into the browser. While mobile I can use the mobile form of the same app. Also all my Yubikeys have NFC, so I can use that method if I want instead of just USB.

As mentioned in a different comment I highly recommend not storing 2FA codes in password managers like Bitwarden. It creates an all eggs one basket problem, which is exactly what 2FA codes are trying to avoid.

load more comments (2 replies)
[–] badelf@lemmy.ml 1 points 1 year ago (1 children)

KeepassDX already has TOTP

[–] styx@beehaw.org 2 points 1 year ago (1 children)

I am not a big fan of storing the passwords and 2fa together since if it is compromised, you lose both layers at the same time. But the alternative is not so convenient. But then in security, it is always a balance between the two.

[–] badelf@lemmy.ml 1 points 1 year ago (1 children)

True true. But the auth apps I've seen don't appear to be secure. So if you lose your phone...

And I don't like hw key because I'm afraid I'll lose it.

[–] styx@beehaw.org 1 points 1 year ago (1 children)

I have a two layer system in place:

  1. I use Aegis, I have automatic encrypted backups, and syncthing to synchronize the backups to my private server. If I need to reconfigure Aegis, I just import the backup.

  2. I have 2FA backup codes as encrypted text files, which are also synced to my server with syncthing. I have the encryption/decryption software installed on my phone and windows, so I can use a backup code if I don't have access to Aegis.

One issue was I had to write my own apps for windows and android for encrypting/decrypting the text files 😃. You can check them on GitHub: https://github.com/mcanyucel/TextCrypt-Windows https://github.com/mcanyucel/textcrypt-android

They use SHA256 with random IV and random salt. No warranties, though 😅

[–] badelf@lemmy.ml 2 points 1 year ago

Damn! I hope I don't have to be quite that careful. I travel a lot so I really only worry about the USA border guards. 😒

[–] iconic_admin@lemmy.world 1 points 1 year ago

Aegis seems to be the winner in this thread. Does anyone have experience with Tofu Authenticator for iOS?

load more comments
view more: ‹ prev next ›