Add 2FA hardware and software section #420

New Issue

2018-04-01T14:31:35Z

PMK commented

2018-04-01 14:31:35 +00:00

(Migrated from github.com)

Hi,

Here below what can be added to the website.

Two-Factor Authentication (2FA)

Software

If you are currently using a Two-Factor Authentication (2FA) software like Google Authenticator you should pick an alternative here.

Mobile: Tofu

Tofu is an easy-to-use, open-source two-factor authentication app designed specifically for iOS. It uses HOTP and TOTP algorithms. Tofu is licensed under the ISC license. The source code is available for review and modification on GitHub.

[ website: tofuauth.com ]

OS: iOS

Mobile: andOTP

andOTP is a two-factor authentication app for Android 4.4+. It implements Time-based One-time Passwords (TOTP) and HMAC-Based One-Time Passwords (HOTP). Simply scan the QR code and login with the generated 6-digit code. MIT licensed.

[ website: github.com/andOTP/andOTP ]

OS: Android

Mobile: FreeOTP

FreeOTP is a two-factor authentication (2FA) application for systems utilizing one-time password protocols. Tokens can be added easily by scanning a QR code. It implements open standards: HOTP and TOTP. FreeOTP is sponsored and officially published by Red Hat, under the Apache 2.0 license.

[ website: freeotp.github.io ]

OS: iOS, Android.

Hardware

U2F Zero

U2F Zero is a secure and open source USB token. Designed to be affordable and reliable.

[ website: u2fzero.com ]

Nitrokey

Nitrokey has multiple hardware devices. Both hardware and software are open-source, free software and allow independent security reviews. Customisable, no vendor lock-in, no security via obfuscation, no hidden security issues.

[ website: nitrokey.com ]

Yubico

Yubico has multiple devices, including the YubiHSM 2, an USB-based, multi-purpose cryptographic device for servers. The software to use Yubico is open-source.

[ website: yubico.com ]

twofactorauth.org - List of sites with two-factor authentication support which includes SMS, e-mail, phone calls, hardware, and software

Hi, Here below what can be added to the website. ## Two-Factor Authentication (2FA) ### Software > If you are currently using a Two-Factor Authentication (2FA) software like Google Authenticator you should pick an alternative here. #### Mobile: Tofu Tofu is an easy-to-use, open-source two-factor authentication app designed specifically for iOS. It uses HOTP and TOTP algorithms. Tofu is licensed under the ISC license. The source code is available for review and modification on [GitHub](https://github.com/calleerlandsson/tofu). [ [website: tofuauth.com](https://tofuauth.com/) ] OS: iOS #### Mobile: andOTP andOTP is a two-factor authentication app for Android 4.4+. It implements Time-based One-time Passwords (TOTP) and HMAC-Based One-Time Passwords (HOTP). Simply scan the QR code and login with the generated 6-digit code. MIT licensed. [ [website: github.com/andOTP/andOTP](https://github.com/andOTP/andOTP) ] OS: Android #### Mobile: FreeOTP FreeOTP is a two-factor authentication (2FA) application for systems utilizing one-time password protocols. Tokens can be added easily by scanning a QR code. It implements open standards: HOTP and TOTP. FreeOTP is sponsored and officially published by Red Hat, under the Apache 2.0 license. [ [website: freeotp.github.io](https://freeotp.github.io/) ] OS: iOS, Android. ### Hardware #### U2F Zero U2F Zero is a secure and open source USB token. Designed to be affordable and reliable. [ [website: u2fzero.com](https://www.u2fzero.com/) ] #### Nitrokey Nitrokey has multiple hardware devices. Both hardware and software are open-source, free software and allow independent security reviews. Customisable, no vendor lock-in, no security via obfuscation, no hidden security issues. [ [website: nitrokey.com](https://www.nitrokey.com/) ] #### Yubico Yubico has multiple devices, including the YubiHSM 2, an USB-based, multi-purpose cryptographic device for servers. The software to use Yubico is open-source. [ [website: yubico.com](https://www.yubico.com/) ] ### Related Information - [twofactorauth.org](https://twofactorauth.org/) - List of sites with two-factor authentication support which includes SMS, e-mail, phone calls, hardware, and software

👍 2 ❤️ 6

PMK commented

2018-04-01 15:26:20 +00:00

(Migrated from github.com)

Ok, I just see that not just long ago the whole section has been removed? Also mentioning hardware should be there, right?

👍 1

Hillside502 commented

2018-04-01 18:43:26 +00:00

(Migrated from github.com)

using an Two-Factor Authentication

should be:-
using a two-factor authentication

> using an Two-Factor Authentication should be:- using a two-factor authentication

beerisgood commented

2018-04-01 21:13:38 +00:00

(Migrated from github.com)

For Android i can recommend andOTP from F-Droid and WinAuth for Windows

ghost commented

2018-04-11 03:13:05 +00:00

(Migrated from github.com)

Hello guys, I want recomended this fork of FreeOTP. Fixed many issues from original version.

https://github.com/helloworld1/FreeOTPPlus
https://f-droid.org/en/packages/org.liberty.android.freeotpplus/

I really don't know if the original version is still in development.

Hello guys, I want recomended this fork of FreeOTP. Fixed many issues from original version. https://github.com/helloworld1/FreeOTPPlus https://f-droid.org/en/packages/org.liberty.android.freeotpplus/ I really don't know if the original version is still in development.

Hillside502 commented

2018-04-13 11:46:58 +00:00

(Migrated from github.com)

@CHEF-KOCH
Looking at your link, Authy is only partially open-source.

@CHEF-KOCH Looking at your link, Authy is only **partially** open-source.

PMK commented

2018-04-13 19:41:28 +00:00

(Migrated from github.com)

@hachiman29
Should be noted that the fork is Android only (required Android SDK).

And thank you all for your input!

@hachiman29 Should be noted that the fork is Android only (required Android SDK). And thank you all for your input!

Hillside502 commented

2018-04-18 18:04:00 +00:00

(Migrated from github.com)

@CHEF-KOCH
On the link, 12 out of 19 repos are closed source.

@CHEF-KOCH On the link, 12 out of 19 repos are closed source.

Hillside502 commented

2018-04-19 18:51:03 +00:00

(Migrated from github.com)

More to the point, which repos do you consider to hold the entire Authy offering?

More to the point, which repos do you consider to hold the **entire** Authy offering?

Hillside502 commented

2018-04-20 10:11:57 +00:00

(Migrated from github.com)

So, it looks like you agree that Authy is only partially open-source.

So, it looks like you agree that Authy is only **partially** open-source.

Hillside502 commented

2018-04-21 10:33:51 +00:00

(Migrated from github.com)

Head over to:-
https://prism-break.org/en/all/#authentication
and look in the Proprietary column.

If you're convinced that Authy is fully open-source, you might like to open an issue at:-
https://github.com/nylira/prism-break/search?q=authy&type=Issues

That forum is frequented by higher level techies. Having said that, Privacy Tools is to be applauded for presenting the goods to the world in a more informative and approachable layout.

Head over to:- https://prism-break.org/en/all/#authentication and look in the Proprietary column. If you're convinced that Authy is fully open-source, you might like to open an issue at:- https://github.com/nylira/prism-break/search?q=authy&type=Issues That forum is frequented by higher level techies. Having said that, Privacy Tools is to be applauded for presenting the goods to the world in a more informative and approachable layout.

quiddity-wp commented

2018-09-20 23:15:04 +00:00

(Migrated from github.com)

I was going to start a thread on Reddit, asking for a section on 2FA to be added, with some compiled links. But then I came here to check if there were relevant suggestions, and I found this issue.

Is there are publicly known reason for why the previous section was removed? (per comment 1 above, and #406 filed separately)

In case they are useful, here are the notes I was going to post:

At https://www.privacytools.io/ there is not currently any mention of 2FA.

I suggest adding a section there for it, and adding the most recommended tools.

Which tools? I don't know, that's why I went to the site to look!

Here are relevant links, so you can all figure it out:

https://www.eff.org/deeplinks/2016/12/12-days-2fa-how-enable-two-factor-authentication-your-online-accounts (mentions Google Authenticator and Authy)
https://ssd.eff.org/en/module/how-enable-two-factor-authentication (mentions Google Authenticator, Duo Mobile, the Facebook app (and defunct Clef))
https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm#Client_implementations (big list - please update it if you can!)

and past discussions here (from a quick search)

I was going to start a thread on Reddit, asking for a section on 2FA to be added, with some compiled links. But then I came here to check if there were relevant suggestions, and I found this issue. Is there are publicly known reason for why the previous section was removed? (per [comment 1](https://github.com/privacytoolsIO/privacytools.io/issues/420#issuecomment-377794290) above, and #406 filed separately) In case they are useful, here are the notes I was going to post: ----- At https://www.privacytools.io/ there is not currently any mention of 2FA. I suggest adding a section there for it, **and** adding the most recommended tools. Which tools? I don't know, that's why I went to the site to look! Here are relevant links, so you can all figure it out: * https://www.eff.org/deeplinks/2016/12/12-days-2fa-how-enable-two-factor-authentication-your-online-accounts (mentions Google Authenticator and Authy) * https://ssd.eff.org/en/module/how-enable-two-factor-authentication (mentions Google Authenticator, Duo Mobile, the Facebook app (and defunct Clef)) * https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm#Client_implementations (big list - please update it if you can!) and past discussions here (from a quick search) * https://www.reddit.com/r/privacytoolsIO/comments/8q4c6c/authy_privacy/ * https://www.reddit.com/r/privacytoolsIO/comments/7qw4yq/is_authy_secure/ * https://www.reddit.com/r/privacytoolsIO/comments/6qjkl5/google_authenticator/

PMK commented

2018-12-18 22:49:02 +00:00

(Migrated from github.com)

Via PrivacyTools.io I found Tofu. I added this one plus the already mentioned andOTP.

Vincevrp commented

2019-02-28 19:43:04 +00:00

(Migrated from github.com)

I suggest Tofu for IOS and andOTP for Android. @Shifterovich

ghost commented

2019-02-28 20:08:36 +00:00

(Migrated from github.com)

I don't have an opinion on this topic so I'll let you decide.

PMK commented

2019-03-04 19:45:06 +00:00

(Migrated from github.com)

I'm using Tofu since December and I like it a lot! Maybe FreeOTP as a 'worth mentioning' option? It got an update just a few days ago (it's not dead!).

Vincevrp commented

2019-03-05 07:34:15 +00:00

(Migrated from github.com)

Someone can create a PR for the software-based ones.

I'm using Tofu since December and I like it a lot! Maybe FreeOTP as a 'worth mentioning' option? It got an update just a few days ago (it's not dead!).

That's weird, the commits are way older than a few days ago.

Someone can create a PR for the software-based ones. > I'm using Tofu since December and I like it a lot! Maybe FreeOTP as a 'worth mentioning' option? It got an update just a few days ago (it's not dead!). That's weird, the commits are way older than a few days ago.

PMK commented

2019-03-14 16:45:49 +00:00

(Migrated from github.com)