this post was submitted on 19 Aug 2023
7 points (100.0% liked)


If a proprietary app is better and more robust, I am willing to try it and assess it myself.

[–] larmicon@feddit.de 6 points 1 year ago (2 children)

Aegis authenticator. Beats all proprietary apps I've tried so far

[–] cynber@lemmy.ca 2 points 1 year ago (1 children)

Yep, it works perfectly

Bitwarden has it too, but eggs in one basket etc.

[–] ReversalHatchery@beehaw.org 1 points 1 year ago

Also, for Bitwarden it's either a paid feature or you have to self-host it

[–] pacjo@lemmy.dbzer0.com 1 points 1 year ago

I'm leaving links here in case anyone needs them

It supports importing data from various 2FA apps and even allows you to generate Steamguard codes.

[–] gianni@lemmy.ml 1 points 1 year ago

Aegis is my favorite.

[–] Supercharger@lemm.ee 1 points 1 year ago (1 children)

Does anyone have any suggestions for iOS? Raivo seems to have fallen from grace recently.

[–] CrescentMadeJr@beehaw.org 1 points 1 year ago

Bitwarden. Works with autofill too.

[–] iconic_admin@lemmy.world 1 points 11 months ago

Aegis seems to be the winner in this thread. Does anyone have experience with Tofu Authenticator for iOS?

[–] GadgeteerZA@beehaw.org 1 points 1 year ago (1 children)

Bitwarden and it's fully cross-platform. I like that it auto copies the 2FA pin to clipboard after filling in login - cuts out extra clicks and copy movements.

[–] fmstrat@lemmy.nowsci.com 1 points 1 year ago (1 children)

Vaultwarden is also a great and simple to self-host backend written in Go that runs in Docker.

[–] derpgon@programming.dev 1 points 1 year ago (1 children)
[–] badelf@lemmy.ml 0 points 1 year ago (1 children)

KeePassDX already has TOTP

[–] styx@beehaw.org 0 points 1 year ago (1 children)

I am not a big fan of storing the passwords and 2fa together since if it is compromised, you lose both layers at the same time. But the alternative is not so convenient. But then in security, it is always a balance between the two.

[–] badelf@lemmy.ml 0 points 1 year ago (1 children)

True true. But the auth apps I've seen don't appear to be secure. So if you lose your phone...

And I don't like hw key because I'm afraid I'll lose it.

[–] styx@beehaw.org 0 points 1 year ago (1 children)

I have a two layer system in place:

  1. I use Aegis, I have automatic encrypted backups, and Syncthing to synchronize the backups to my private server. If I need to reconfigure Aegis, I just import the backup.

  2. I have 2FA backup codes as encrypted text files, which are also synced to my server with Syncthing. I have the encryption/decryption software installed on my phone and Windows, so I can use a backup code if I don't have access to Aegis.

One issue was I had to write my own apps for Windows and Android for encrypting/decrypting the text files 😃. You can check them on GitHub: https://github.com/mcanyucel/TextCrypt-Windows https://github.com/mcanyucel/textcrypt-android

They use SHA256 with random IV and random salt. No warranties, though 😅

[–] badelf@lemmy.ml 2 points 1 year ago

Damn! I hope I don't have to be quite that careful. I travel a lot so I really only worry about the USA border guards. 😒

[–] charje@lemmy.ml 0 points 1 year ago* (last edited 1 year ago) (1 children)

I'm just migrating away from GitHub because of this. Sr.ht is looking promising.

[–] aurele@sh.itjust.works 0 points 1 year ago (1 children)

Why would you not want to use 2FA?

[–] charje@lemmy.ml 0 points 1 year ago* (last edited 1 year ago) (1 children)

I know it is an unpopular opinion, but it is a huge headache in general. I don't think the theoretical benefits (which make total sense) actually pay off in reality and are worth the extra headache. I'm not saying they should not have it at all, but it should be at least opt-out instead of forced.

In the case of GitHub, I think it is part of their long drawn out plan of data collection and proprietary lock down. Next they are going to require your house address and government ID. I feel better using a free and open source platform anyway.

[–] maniel@lemmy.ml 1 points 1 year ago

How exactly could a site collect more of your data through 2fa?

[–] wegettosss@sh.itjust.works 0 points 1 year ago (1 children)
[–] clmbmb@lemmy.dbzer0.com 1 points 1 year ago (1 children)

Yes! I moved from aegis to it and it is much better imo.

[–] maniel@lemmy.ml 0 points 1 year ago (1 children)

When it comes to proprietary apps Authy is nice, it offers synchronisation between devices, but yeah, it involves cloud (someone's computer) and you need to give them your phone number, so that's for privacy, in the end you might as well use Google Authenticator, it syncs between devices too, it's about who you trust more

[–] r_se_random@sh.itjust.works 1 points 1 year ago

For people downvoting, please share your reasons for it. If there's something wrong with the product, sharing that info would be helpful.