this post was submitted on 19 Aug 2023

145 points (98.0% liked)

Open Source

31063 readers

579 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago

MODERATORS

[email protected]

145

GitHub is slowly rolling in 2FA. Any good open source apps that will enable me to activate 2FA token on android? (szmer.info)

submitted 1 year ago by [email protected] to c/[email protected]

98 comments fedilink hide all child comments

If proprietary app is better and more robust I am willing to try it and assess it myself.

(page 2) 50 comments

sorted by: hot top controversial new old

[–] [email protected] 2 points 1 year ago

I really like 2FAS, open source, looks and feel polished, no complaints

[–] [email protected] 2 points 1 year ago (2 children)

Does anyone have any suggestion for iOS? Raivo seems to fallen from grace recently.

[–] [email protected] 2 points 1 year ago (1 children)

What’s wrong with Raivo?

[–] [email protected] 1 points 1 year ago

It's recently been bought by a generic mobile app development company. This thread has more discussion on the topic.

[–] [email protected] 2 points 1 year ago

Bitwarden. Works with autofill too.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (4 children)

andOTP is the only app I know of that's on F-Droid and has a feature to make an encrypted backup to a file.

Unfortunately it hasn't been updated in awhilee, but I dont think there's an alternative.

load more comments (4 replies)

[–] [email protected] 2 points 1 year ago

The official GitHub app. Yes, it's not universal for other sites, but you get 2FA and a much more pleasant browsing experience.

For a universal solution, give Aegis a try.

[–] [email protected] 1 points 1 year ago

https://github.com/ente-io/auth

[–] [email protected] 1 points 1 year ago (1 children)

KeepassDX already has TOTP

[–] [email protected] 2 points 1 year ago (1 children)

I am not a big fan of storing the passwords and 2fa together since if it is compromised, you lose both layers at the same time. But the alternative is not so convenient. But then in security, it is always a balance between the two.

[–] [email protected] 1 points 1 year ago (1 children)

True true. But the auth apps I've seen don't appear to be secure. So if you lose your phone...

And I don't like hw key because I'm afraid I'll lose it.

[–] [email protected] 1 points 1 year ago (1 children)

I have a two layer system in place:

I use Aegis, I have automatic encrypted backups, and syncthing to synchronize the backups to my private server. If I need to reconfigure Aegis, I just import the backup.
I have 2FA backup codes as encrypted text files, which are also synced to my server with syncthing. I have the encryption/decryption software installed on my phone and windows, so I can use a backup code if I don't have access to Aegis.

One issue was I had to write my own apps for windows and android for encrypting/decrypting the text files 😃. You can check them on GitHub: https://github.com/mcanyucel/TextCrypt-Windows https://github.com/mcanyucel/textcrypt-android

They use SHA256 with random IV and random salt. No warranties, though 😅

[–] [email protected] 2 points 1 year ago

Damn! I hope I don't have to be quite that careful. I travel a lot so I really only worry about the USA border guards. 😒

[–] [email protected] 1 points 1 year ago

Aegis seems to be the winner in this thread. Does anyone have experience with Tofu Authenticator for iOS?

load more comments