147
GitHub is slowly rolling in 2FA. Any good open source apps that will enable me to activate 2FA token on android? (szmer.info)
submitted 2 years ago by Ludrol@szmer.info to c/opensource@lemmy.ml
93 comments fedilink hide all child comments

If proprietary app is better and more robust I am willing to try it and assess it myself.

top 50 comments
sorted by: hot top controversial new old
[-] larmicon@feddit.de 152 points 2 years ago

Aegis authenticator. Beats all proprietary apps I've tried so far

[-] pacjo@lemmy.dbzer0.com 37 points 2 years ago

I'm leaving links here in case anyone needs them

It supports importing data from various 2FA apps and even allows you to generate Steamguard codes.

[-] miss_brainfart@lemmy.ml 3 points 2 years ago

Steamguard? Since when? That's awesome!

[-] pacjo@lemmy.dbzer0.com 5 points 2 years ago

I honestly don't know. I set it up with steamguard-cli few months ago and it's working like a charm.

load more comments (1 replies)
[-] ReversalHatchery@beehaw.org 3 points 2 years ago

It's been there for quite a few years, I think

load more comments (2 replies)
[-] cynber@lemmy.ca 17 points 2 years ago

Yep, it works perfectly

Bitwarden has it too, but eggs in one basket etc.

[-] ReversalHatchery@beehaw.org 5 points 2 years ago

Also, for bitwarden it's either a paid feature or you have to self host it

[-] morrowind@lemmy.ml 6 points 2 years ago

One of those apps that just does its job, does it well and I never have to worry about it

[-] darklamer@lemmy.dbzer0.com 4 points 2 years ago

Thank you!

I'd been a happy user of andOTP for many years, unaware until now that it had been abandoned and that I therefore needed ro replace it. I looked through the recommendations posted here and came to the conclusion that Aegis indeed was the best recommendation.

Migrating from andOTP to Aegis by exporting an encrypted backup file from andOTP to the local filesystem and importing it in Aegis worked flawlessly.

One thing that I really liked in andOTP that Aegis doesn't have was the PGP export, it was just very nice to get encrypted backup files that I could decrypt directly using standard software that I already have and know how to use, entirely independent from any particular app. Aegis instead provides the decrypt.py script to decode and decrypt its own encrypted backup file format and while I've tested and verified that this works fine, simply using standard PGP was nicer.

But that's a minor detail. All in all, Aegis seems to do everything I need, and does it well.

load more comments (1 replies)
[-] DingDongBell@lemm.ee 31 points 2 years ago

aegis

[-] anteaters@feddit.de 23 points 2 years ago

Aegis on mobile and keepassxc on desktop.

load more comments (3 replies)
[-] EinfachUnersetzlich@lemm.ee 23 points 2 years ago

BitWarden.

[-] peregus@lemmy.world 27 points 2 years ago

I don't think that it's safe to leave both authentication factors in a single app.

[-] dana@lemmy.world 3 points 2 years ago* (last edited 2 years ago)

It depends on your risk profile, but yes, it's less secure. For some people the convenience is worth the risk, for others maybe not. If you opt to store 2fa keys in Bitwarden you'd definitely want to enable 2fa for your Bitwarden account though, which brings us back to the same issue again.

load more comments (2 replies)
load more comments (2 replies)
[-] wegettosss@sh.itjust.works 22 points 2 years ago

Authenticator Pro

[-] clmbmb@lemmy.dbzer0.com 8 points 2 years ago

Yes! I moved from aegis to it and it is much better imo.

[-] hASHfunction@lemmy.world 8 points 2 years ago

I've used it for years for numerous phones. it's the best. Link for the lazy

https://apt.izzysoft.de/fdroid/index/apk/me.jmh.authenticatorpro

load more comments (1 replies)
[-] SaltyIceteaMaker@lemmy.ml 3 points 2 years ago

I love that you can back it up with a file... thatway i can put it somewhere safe and can recover my logins after my phone breaks

load more comments (1 replies)
[-] mp3@lemmy.ca 22 points 2 years ago* (last edited 2 years ago)

I'd suggest the following

The really important step is to make sure to export and backup your 2FA codes in a safe place.

You don't want to be left in the mud because you lost or wiped your phone that contains the only method to get into your important accounts.

load more comments (1 replies)
[-] GadgeteerZA@beehaw.org 21 points 2 years ago

Bitwarden and it's fully cross-platform. I like that it auto copies the 2FA pin to clipboard after filling in login - cuts out extra clicks and copy movements.

[-] fmstrat@lemmy.nowsci.com 11 points 2 years ago

Vaultwarden is also a great and simple to self-host backend written in Go that runs in Docker.

load more comments (4 replies)
load more comments (16 replies)
[-] choco@lemmy.ml 17 points 2 years ago

For me FreeOTP+ on fdroid is all I need. Its simple and just works.

[-] sixty@sh.itjust.works 15 points 2 years ago

Aegis

[-] Syudagye@pawb.social 13 points 2 years ago

I personally use KeePassXC (KeePassDX on android), it can have TOTP code generation for 2FA for any service. And since it's a password manager, it's secured by a master password.

[-] agitated_judge@sh.itjust.works 13 points 2 years ago

FreeOTP+ from fdroid is what I'm using.

load more comments (1 replies)
[-] gianni@lemmy.ml 10 points 2 years ago

Aegis is my favorite.

[-] edgan@lemmy.ml 8 points 2 years ago* (last edited 2 years ago)

I actually try to use authenticator apps as little as possible. Having to unlock your phone and open the app each time is too much hassle.

Instead I have four Yubikeys, not security keys, that I store my OTP 2FA codes on. One for personal codes, one for work codes, and the other two as backups for the first two. The backups protect me from hardware failure, the keys being stolen, or lost. One downside of the backup plan is having to scan the QR code twice, once per Yubikey.

Each Yubikey can store 32 OTP codes on the smart card part of the Yubikey. The 32 code limitation is why I have personal and work codes on separate keys. I did run into this limit.

This isn't the cheapest solution. In addition you could argue it also isn't the most secure, but that depends on the attack vector and circumstance.

With this setup I can use the Yubico Authenticator desktop to copy and paste the codes into the browser. While mobile I can use the mobile form of the same app. Also all my Yubikeys have NFC, so I can use that method if I want instead of just USB.

As mentioned in a different comment I highly recommend not storing 2FA codes in password managers like Bitwarden. It creates an all eggs one basket problem, which is exactly what 2FA codes are trying to avoid.

[-] s20@lemmy.ml 5 points 2 years ago

Having to unlock your phone and open the app each time is too much hassle.

And having to use two USB keys and double code scanning isn't? I'm glad your system works for you, but it sounds like a pain in the but to me lol.

load more comments (1 replies)
[-] vox@sopuli.xyz 6 points 2 years ago

aegis is great, but 2fas has Google Drive sync and a browser extension.

[-] Clubbing4198@lemmy.world 5 points 2 years ago

Aegis, FreeOTP

[-] charje@lemmy.ml 4 points 2 years ago* (last edited 2 years ago)

I'm just migrating away from github because of this. Sr.ht is looking promising.

[-] aurele@sh.itjust.works 13 points 2 years ago

Why would you not want to use 2FA?

[-] charje@lemmy.ml 5 points 2 years ago* (last edited 2 years ago)

I know it is an unpopular opinion, but it is a huge headache in general. I don't think the theoretical benefits (which make total sense) actually pay off in reality and are worth the extra headache. I'm not saying they should not have it at all, but it should be at least opt-out instead of forced.

In the case of github, I think it is part of their long drawn out plan of data collection and proprietary lock down. Next they are going to require your house address and government ID. I feel better using an free and open source platform anyway.

load more comments (4 replies)
[-] NatoBoram@lemm.ee 3 points 2 years ago

Most likely because of the "2" in "2FA"

[-] maniel@lemmy.ml 4 points 2 years ago

When it comes to proprietary apps Authy is nice, it offers synchronisation between devices, but yeah, it involves cloud (someone's computer) and you need to give them your phone number, so that's for privacy, in the end you might as well use Google authenticator, it syncs between devices to, it's about who you trust more

[-] r_se_random@sh.itjust.works 4 points 2 years ago

For people down voting, please share your reasons for it. If there's something wrong with the product, sharing that info would be helpful.

load more comments (1 replies)
load more comments (2 replies)
[-] barryamelton@lemmy.ml 4 points 2 years ago

I recommend one of the FOSS apps in fdroid for this, don't use a proprietary one from Google Play (like the Google Authenticator).

[-] starman@programming.dev 3 points 2 years ago

Mauth

[-] ExtremeDullard@lemmy.sdf.org 3 points 2 years ago* (last edited 2 years ago)

I use Yubico Authenticator with my Yubikey (NFC and USB) and Vivokey Authenticator - which is a straight fork of the Yubico Authenticator - with my Vivokey Apex implant.

[-] tajnymag@czech-lemmy.eu 3 points 2 years ago

The official GitHub app. Yes, it's not universal for other sites, but you get 2FA and a much more pleasant browsing experience.

For a universal solution, give Aegis a try.

load more comments
view more: next ›
this post was submitted on 19 Aug 2023
147 points (100.0% liked)

Open Source

38676 readers
252 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
Cloak@lemmy.ml
kevincox@lemmy.ml
CrypticCoffee@lemmy.ml
Lettuceeatlettuce@lemmy.ml