Skip to content
This repository has been archived by the owner on Jun 24, 2022. It is now read-only.

Add 2FA hardware and software section #420

Open
PMK opened this issue Apr 1, 2018 · 22 comments · May be fixed by #1713
Open

Add 2FA hardware and software section #420

PMK opened this issue Apr 1, 2018 · 22 comments · May be fixed by #1713

Comments

@PMK
Copy link

PMK commented Apr 1, 2018

Hi,

Here below what can be added to the website.

Two-Factor Authentication (2FA)

Software

If you are currently using a Two-Factor Authentication (2FA) software like Google Authenticator you should pick an alternative here.

Mobile: Tofu

Tofu is an easy-to-use, open-source two-factor authentication app designed specifically for iOS. It uses HOTP and TOTP algorithms. Tofu is licensed under the ISC license. The source code is available for review and modification on GitHub.

[ website: tofuauth.com ]

OS: iOS

Mobile: andOTP

andOTP is a two-factor authentication app for Android 4.4+. It implements Time-based One-time Passwords (TOTP) and HMAC-Based One-Time Passwords (HOTP). Simply scan the QR code and login with the generated 6-digit code. MIT licensed.

[ website: github.com/andOTP/andOTP ]

OS: Android

Mobile: FreeOTP

FreeOTP is a two-factor authentication (2FA) application for systems utilizing one-time password protocols. Tokens can be added easily by scanning a QR code. It implements open standards: HOTP and TOTP. FreeOTP is sponsored and officially published by Red Hat, under the Apache 2.0 license.

[ website: freeotp.github.io ]

OS: iOS, Android.

Hardware

U2F Zero

U2F Zero is a secure and open source USB token. Designed to be affordable and reliable.

[ website: u2fzero.com ]

Nitrokey

Nitrokey has multiple hardware devices. Both hardware and software are open-source, free software and allow independent security reviews. Customisable, no vendor lock-in, no security via obfuscation, no hidden security issues.

[ website: nitrokey.com ]

Yubico

Yubico has multiple devices, including the YubiHSM 2, an USB-based, multi-purpose cryptographic device for servers. The software to use Yubico is open-source.

[ website: yubico.com ]

Related Information

  • twofactorauth.org - List of sites with two-factor authentication support which includes SMS, e-mail, phone calls, hardware, and software
@PMK
Copy link
Author

PMK commented Apr 1, 2018

Ok, I just see that not just long ago the whole section has been removed? Also mentioning hardware should be there, right?

@PMK PMK changed the title Add 'FreeOTP' as an alternative to 'Google Authenticator' for 2FA Add section about 2FA with software and hardware Apr 1, 2018
@Hillside502
Copy link

using an Two-Factor Authentication

should be:-
using a two-factor authentication

@beerisgood
Copy link

For Android i can recommend andOTP from F-Droid and WinAuth for Windows

@ghost
Copy link

ghost commented Apr 11, 2018

Hello guys, I want recomended this fork of FreeOTP. Fixed many issues from original version.

https://github.com/helloworld1/FreeOTPPlus
https://f-droid.org/en/packages/org.liberty.android.freeotpplus/

I really don't know if the original version is still in development.

@Hillside502
Copy link

@CHEF-KOCH
Looking at your link, Authy is only partially open-source.

@PMK
Copy link
Author

PMK commented Apr 13, 2018

@Hachiman29
Should be noted that the fork is Android only (required Android SDK).

And thank you all for your input!

@Hillside502
Copy link

@CHEF-KOCH
On the link, 12 out of 19 repos are closed source.

@Hillside502
Copy link

More to the point, which repos do you consider to hold the entire Authy offering?

@Hillside502
Copy link

So, it looks like you agree that Authy is only partially open-source.

@Hillside502
Copy link

Head over to:-
https://prism-break.org/en/all/#authentication
and look in the Proprietary column.

If you're convinced that Authy is fully open-source, you might like to open an issue at:-
https://github.com/nylira/prism-break/search?q=authy&type=Issues

That forum is frequented by higher level techies. Having said that, Privacy Tools is to be applauded for presenting the goods to the world in a more informative and approachable layout.

@quiddity-wp
Copy link
Contributor

I was going to start a thread on Reddit, asking for a section on 2FA to be added, with some compiled links. But then I came here to check if there were relevant suggestions, and I found this issue.

Is there are publicly known reason for why the previous section was removed? (per comment 1 above, and #406 filed separately)

In case they are useful, here are the notes I was going to post:


At https://www.privacytools.io/ there is not currently any mention of 2FA.

I suggest adding a section there for it, and adding the most recommended tools.

Which tools? I don't know, that's why I went to the site to look!

Here are relevant links, so you can all figure it out:

and past discussions here (from a quick search)

@PMK
Copy link
Author

PMK commented Dec 18, 2018

Via PrivacyTools.io I found Tofu. I added this one plus the already mentioned andOTP.

@Vincevrp
Copy link
Contributor

I suggest Tofu for IOS and andOTP for Android. @Shifterovich

@Vincevrp Vincevrp changed the title Add section about 2FA with software and hardware Add 2FA hardware and software section Feb 28, 2019
@ghost
Copy link

ghost commented Feb 28, 2019

I don't have an opinion on this topic so I'll let you decide.

@PMK
Copy link
Author

PMK commented Mar 4, 2019

I'm using Tofu since December and I like it a lot! Maybe FreeOTP as a 'worth mentioning' option? It got an update just a few days ago (it's not dead!).

@Vincevrp
Copy link
Contributor

Vincevrp commented Mar 5, 2019

Someone can create a PR for the software-based ones.

I'm using Tofu since December and I like it a lot! Maybe FreeOTP as a 'worth mentioning' option? It got an update just a few days ago (it's not dead!).

That's weird, the commits are way older than a few days ago.

@PMK
Copy link
Author

PMK commented Mar 14, 2019

That's weird, the commits are way older than a few days ago.

You're right, but in the App store there was an update.

@jonaharagon jonaharagon linked a pull request Feb 16, 2020 that will close this issue
4 tasks
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

8 participants
@PMK @nitrohorse @jonaharagon @Hillside502 @quiddity-wp @beerisgood @Vincevrp and others