this post was submitted on 18 Jan 2025
Technology
My guess would be that a 2FA app from the government is likely using PKI (private + public keys) or something similar, rather than a basic TOTP algorithm. There's not really a generic app for something like that. Many services are moving away from TOTP since it's not phishing-resistant.
Nothing is phishing resistant though?
FIDO2 tokens (like Yubikeys and passkeys) can't be phished.
Yes, it's as easy as with the TOTP app. A message that says "ok, now tell us the code"
FIDO2/WebAuthn hardware tokens don't use a code. That's why they're phishing resistant. You have to press a hardware token (usually plugged in via USB) to authenticate, but it doesn't do anything obvious on the screen like type a code. On mobile, these tokens usually use NFC, so you just tap the Yubikey or whatever to the back of your phone.
Ah ok. Last time I had a hardware key it had a little display that showed numbers. I thought Yubikey did the same thing.
That's pretty cool. Ideally I'd get something like a Yubikey to unlock my password manager, except I'm not sure how the Yubikey is supposed to interact with a desktop computer, especially a shared/public one.
Oh yeah, I had one of those a long time ago for my PayPal account, before smartphones were widespread.
I'm using a Yubikey with my password manager (self-hosted Vaultwarden) and it works well! The Yubikey is a USB device - you can get it either as a USB-C or USB-A. It should work with any desktop PC as long as USB devices are allowed. I've got one on my keychain, and a second one stored somewhere safe. Good to have a spare one as a backup just in case the main one dies.
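An added example, not written by anyone in the thread, of the difference discussed above: a TOTP code verifies no matter where it was typed, while a WebAuthn assertion carries the origin the browser saw and the hash of the RP ID, which the relying party checks. The hostnames and the `browser_assertion` stand-in are constructed for illustration, and signature verification with the stored public key is assumed to happen separately.

```python
import base64, hashlib, hmac, json, struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): a function of the shared secret and the clock only."""
    mac = hmac.new(secret, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret: bytes, code: str, unix_time: int) -> bool:
    # Nothing in the code records which site the user typed it into.
    return hmac.compare_digest(totp(secret, unix_time).encode(), code.encode())

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def browser_assertion(page_origin: str, page_rp_id: str, challenge: bytes):
    """Constructed stand-in for browser + token output. The browser, not the
    page's script, fills in the origin; the token hashes the RP ID."""
    client_data = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                              "origin": page_origin}).encode()
    auth_data = hashlib.sha256(page_rp_id.encode()).digest() + b"\x01" + struct.pack(">I", 1)
    return client_data, auth_data

def check_binding(client_data: bytes, auth_data: bytes, challenge: bytes,
                  expected_origin: str, rp_id: str) -> bool:
    """Relying-party checks on type, challenge, origin and rpIdHash.
    Assumption: the signature over auth_data || SHA-256(client_data) is
    verified separately with the credential's stored public key."""
    fields = json.loads(client_data)
    return (fields.get("type") == "webauthn.get"
            and fields.get("challenge") == b64url(challenge)
            and fields.get("origin") == expected_origin
            and hmac.compare_digest(auth_data[:32], hashlib.sha256(rp_id.encode()).digest()))

def demo():
    origin, rp_id = "https://portal.example", "portal.example"          # constructed
    fake_origin, fake_rp = "https://portal-login.example", "portal-login.example"
    secret, now, challenge = b"12345678901234567890", 59, b"\x00" * 32  # constructed
    relayed_code_ok = verify_totp(secret, totp(secret, now), now)  # code typed anywhere
    real_ok = check_binding(*browser_assertion(origin, rp_id, challenge), challenge, origin, rp_id)
    fake_ok = check_binding(*browser_assertion(fake_origin, fake_rp, challenge), challenge, origin, rp_id)
    return relayed_code_ok, real_ok, fake_ok

if __name__ == "__main__":
    print(demo())
```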