Ente completes CERN sponsored audit

This includes (especially so) Ente Auth.

I wanted to bring some awareness to this because when I think of MFA I typically think of TOTP Authenticators. Like my friend Eric Hameleers (alienbob), I bent the knee way back and adopted the proprietary, closed source product Authy by Twilio.

Why? Because there were considerations to raise, such as, "What if I drop my phone in the fricken' toilet?", or, "I want my authenticator to support installs on multiple platforms and sync" - Actually, both of those considerations are really the same thing. The mess about this really was that Google Authenticator and others didn't sync, existed on a single device, and I had no need or desire to enjoy passwordless authentication offered by Microsoft for some resources.

Authy provided multi-devices w/sync, on #Android, #Linux, and #Windows, okay I guess, and my phone(s). And then Ente Auth came out, they were working on the desktop version and close to a release, it sync'ed with multiple devices and second best of all, it was the first truly cross-platform (Okay I never tried running it on a BSD) authenticator - it could sync between a Linux box and a Windows desktop and an Android - that's everything in my Universe, and actually, who cares about Windows anyway?

Just about that time, as I started considering the move, Twilio informed everyone that Authy support on Desktop was going Bye Bye!

So the choice at that point was Easy Peasy - migrate nowwwww!!! And so I fired up my rarely used wYnd0z3 box and got an alert - "This desktop version will be retired soon, you need to update to the lastest version as soon as possible"... in so many words.

Hmmm... Yeah, I dunno. I think I'mma do some online searches, this sounds fishy to me. And oh boy did it stink to high heaven. I'm glad I checked that out and found a little blurb (over on Reddit, IIRC) that covered the steps required to export everything, a script, a hacked up patch, and voila! done - got it!

There was one caveat there, for those who ventured into those same murky waters that I had - DO NOT APPLY THE TWILIO UPDATE!!!* For those who did, they found out quickly that the a patch no longer worked, they could not perform the export, and this was by design since the export had to be performed on a desktop version of Authy, effectively subjugating the non-daring with the typical enshittification that we've always known as #Vendor_Lockin.

By the time Eric apparently got around to making the move to #Ente_Auth from #Authy, the laborious process was entirely manual - one site at a time, which you can READ ABOUT HERE.

You really gotta watch these sneaky proprietary types of folks.

So anyway, fast forward a bit to where we are now, and although I mentioned my second fav reason to select Ente Auth, I didn't disclose my fav - which should be obvious: It's #FOSS. And not just that, but #Self_Hosted FOSS, if you prefer to keep things close to your breast.

Anyway, that's the backstory and the long way around my announcement here that you an read up on the Audit of all Ente products here:

https://ente.io/blog/cern-audit/

So, IMNSHO, There's really no reason to choose another authenticator, really, truly, there just isn't.

I hope that helps. Enjoy!

#tallship #redundancy #TOTP

⛵

.

As a #Proton mail user myself, I am still reluctant to switch everything to it. When Proton released its authenticator, I felt this can become a SPOF or vendor lock-in. Not particularly the 2FA tokens, but if you have mail, calendar, vpn, passwords, ... all your digital guts there.

Some thoughts on that here https://www.codedge.de/posts/proton-authenticator-diversification/

#protonmail #vendor_lockin

Мастерство копки. Или как создаются технологические рвы

Вы когда-нибудь хотели построить замок? Не знаю, как с замком, но я, как предприниматель, всегда хотел создать ров, который сможет защитить компанию от конкурентов. Ведь замок без рва и крепкой стены, это не твой замок. С каждым годом создавать продукты становится все проще и проще. Иногда я узнаю о совершенно новой, революционной технологии или стартапе, но чуть стоит копнуть, как оказывается, что еще пять-шесть стартапов делают примерно то же. А в мире, где много компаний делает примерно одинаковый продукт, примерно одинакового качества, и всего несколько месяцев отделяет первопроходца от последователей, компании должны существовать на грани рентабельности, но это не всегда так. И возникает вопрос, что же отделяет победителей от проигравших. Сегодня я попробую разобраться в этом на конкретных примерах технологических компаний и приемов, которые они используют. А именно в том, как создаются “рвы”, которые в мире называются устоявшимся термином moat .

https://habr.com/ru/articles/925062/

#moat #технологический_ров #Vendor_lockin #платформенный_эффект #сетевой_эффект #создание_монополий_в_it

This is actually called the #AOL_effect...

Or at least it was before #Myspace was a thang.

Whatever you wanna call it today, #Network_effect, #separation_anxiety, or the original of all adages, #vendor_lockin - a prison designed and perfected by campaigns of #FUD by #IBM (a phrase coined by Dr. Amdahl himself), Simon gives you the straight dope on confronting your fears and apprehensions in this next article:

https://the.webm.ink/lock-in-syndrome

@[email protected]
@webmink
#tallship #FOSS #Fediverse

⛵

.