this post was submitted on 18 Feb 2024
16 points (94.4% liked)

Linux

8114 readers
49 users here now

Welcome to c/linux!

Welcome to our thriving Linux community! Whether you're a seasoned Linux enthusiast or just starting your journey, we're excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let's dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!

Rules:

  1. Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.

  2. Be respectful: Treat fellow community members with respect and courtesy.

  3. Quality over quantity: Share informative and thought-provoking content.

  4. No spam or self-promotion: Avoid excessive self-promotion or spamming.

  5. No NSFW adult content

  6. Follow general lemmy guidelines.

founded 1 year ago
MODERATORS
 

I'm trying to move away from Authy since they're ending support for their desktop app, and I thought Aegis would be the right app for me to jump to, but it doesn't seem to have a desktop app. So I'm wondering what FOSS apps the rest of you use for Desktop and Mobile 2FA?

all 17 comments
sorted by: hot top controversial new old
[–] ebits21@lemmy.ca 8 points 9 months ago* (last edited 9 months ago) (2 children)

I use KeepPassXC for desktop totp codes. I’m sure there’s an Android app to use with it. (I use KeePassium on iOS). Edit: maybe look into KeePass2Android

You can sync with Syncthing for offline. I keep the database in the cloud but with a key on each device (not in the cloud) that’s needed to open it.

[–] Evkob@lemmy.ca 4 points 9 months ago

The best Android KeePass client I've used is by far KeePassDX

[–] jelloeater85@lemmy.world 1 points 8 months ago* (last edited 8 months ago)

KeepassDX on Android and KeepassXC on Desktop, sync with SyncThing, done! AndOTP on Android is nice, but it won't run on Desktop.

[–] CeeBee@lemmy.world 4 points 9 months ago* (last edited 9 months ago)

I'm in the same boat. And I came across 2FAS (Android) (Website).

It doesn't have a dedicated desktop app, but it does have a browser extension, which I think is the best we're going to get.

I spent a fair amount of time looking around for an alternative when Authy announced they're killing their desktop app. 2FAS is the best I found.

If anyone else has a good suggestion, I'm all ears.

My requirements:

  • Android App
  • Desktop App (Linux only)
  • Synchronization between the two
  • (not a hard requirement) FOSS, or at least just Open Source

I'd be willing to pay for a decent solution.

I didn't realize it at the time, but Authy locks you in with no way to export your tokens. There are unofficial scripts on GitHub, but I haven't tried them yet.

Edit: specified Linux desktop. I don't use Windows.

[–] Dehydrated@lemmy.world 1 points 8 months ago

You can try GNOME's Authenticator, it's pretty simple but it gets the job done

[–] mholiv@lemmy.world 0 points 9 months ago (4 children)

Slightly off topic but desktop 2FA apps kind of kill the point of 2FA.

2FA protects you by ensuring that even if your computer is compromised your account will have a layer of protection in that second factor “aka something you have”.

If you have that on your desktop, you might as well not have it.

If you find 2FA off of your desktop annoying I recommend looking into passkeys. Open standard and less annoying. Just not well supported.

[–] ebits21@lemmy.ca 5 points 9 months ago (1 children)

Passkey is on your device though?

It doesn’t kill the point of 2fa. It’s something you have… you have your device. If you didn’t you wouldn’t have the TOTP code.

The something you know (password) is much more likely to be breached and stolen. That is what isn’t tied to your device. You probably want the second factor to be linked to just the devices you have.

[–] mholiv@lemmy.world 1 points 9 months ago* (last edited 9 months ago) (1 children)

Edit: I was wrong and mixed up passkeys with something else. Passkeys I think are still better than desktop totp apps because at least they work with secure hardware on the platform.

[–] ebits21@lemmy.ca 1 points 9 months ago (1 children)

That’s not what passkeys are in many implementations. Look up Google/microsoft/apple passkeys. That’s what people mean when they say passkeys.

You’re thinking of a device like a Yubikey, which is a great device.

[–] mholiv@lemmy.world 1 points 9 months ago

You’re right. Yah. Still at least those use “secure element” equivalents at least.

[–] KrapKake@lemmy.world 3 points 9 months ago (1 children)

I've seen people say this, but what makes your phone so much safer than your computer?

[–] mholiv@lemmy.world 2 points 9 months ago

It’s the second factor that adds security. Aka “something you have”.

If you use totp on your phone to log into an app on your phone yah it’s true it’s not much more secure (although I would argue app isolation does make it more secure) but using your phone to provide totp for your desktop proves that second factor.

[–] Evkob@lemmy.ca 1 points 9 months ago (1 children)

Where do you keep your TOTP if not on your devices? Or do you own a separate device exclusively for TOTP?

[–] mholiv@lemmy.world 0 points 9 months ago

For less important things I keep my TOTP credentials on my phone. Not perfect but definitely safer than a PC statistically speaking.

For more important things I use either a passkey or yubikey or a gpgsmart card depending on what is supported. All three work via usb or NFC.