[WayBack] GitHub – andOTP/andOTP: Open source two-factor authentication for Android.
A few highlights:
- andOTP is a two-factor authentication App for Android 4.4+.It implements Time-based One-time Passwords (TOTP) and HMAC-Based One-Time Passwords (HOTP). Simply scan the QR code and login with the generated 6-digit code.
- OpenPGP: OpenPGP can be used to easily decrypt the OpenPGP-encrypted backups on your PC.
- BroadcastReceivers: AndOTP supports a number of broadcasts to perform automated backups, eg. via Tasker. These will get saved to the defined backup directory. These only work when KeyStore is used as the encryption mechanism
- org.shadowice.flocke.andotp.broadcast.PLAIN_TEXT_BACKUP: Perform a plain text backup. WARNING: This will save your 2FA tokens onto the disk in an unencrypted manner!
- org.shadowice.flocke.andotp.broadcast.ENCRYPTED_BACKUP: Perform an encrypted backup of your 2FA database using the selected password in settings.
- All three versions (Google Play, F-Droid and the APKs) are not compatible (not signed by the same key)! You will have to uninstall one to install the other, which will delete all your data. So make sure you have a current backup before switching!
PlayStore: [WayBack] andOTP – Android OTP Authenticator – Apps on Google Play
• Free and Open-Source
• Requires minimal permissions:
• Camera access for QR code scanning
• Storage access for import and export of the database
• Encrypted storage with two backends:
• Android KeyStore (can cause problems, please only use if you absolutely have to)
• Password / PIN
• Multiple backup options:
• Plain-text
• Password-protected
• OpenPGP-encrypted
• Sleek minimalistic Material Design with three different themes:
• Light
• Dark
• Black (for OLED screens)
• Great Usability
• Compatible with Google Authenticator
Via: [WayBack] ‘Aanvallen via ss7-protocol om 2fa-sms’jes te onderscheppen nemen toe’ – Computer – Nieuws – Tweakers
Check out @Jaykul’s Tweet: https://twitter.com/Jaykul/status/1091200778121957377
Instead of Google authenticator and Authy
Via https://twitter.com/martinfowler/status/1091097388201230339
Related :
Nope. It’s just a secret encoded in a QR code.
Here’s the docs on the format of the URI in the QR code: https://t.co/AJhT6PFAzx
The QR code delivers a simple, durable, shared secret.
Use U2F if you can. It is much safer, as it cannot be phished or copied.
Depends on your risk model. Device to device transfer would be a good mid-ground, but doesn’t solve the “my phone was stolen/bricked/damaged” scenario.
Which is your bigger risk – duplicating (normally encrypted) secrets or losing your device and access to everything?
–jeroen
The Wiert Corner - irregular stream of stuff 