Feedback:

I tried @protonprivacy Authenticator (which has import/export — great!) to get away from Authy (no exports, lock-in, ugh) and I hate to say it, but the Proton UI is inferior.

Proton: every entry looks exactly the same (except for the text), the list format takes up lots of screen space & requires scrolling for >5 entries.

Authy has individual icons that can be customized and takes up minimal space. 16 items fit on one screen. Much easier to use.

#2FA #iPhone #Proton #Authy #UX #UI

Does anyone have ideas for accessible, already existing technologies that banks could build in as a second authorization factor?

The app solutions exclude users with (spastic) paralysis, as do TAN generators, for which one needs to be sighted and have a hand free to operate them.

Ideally, the system could also be parameterized with information, so that it is clear what an approval is currently being granted for.

Can hardware tokens like #Yubikey support something like that?

Or can Google Authenticator, Microsoft Authenticator or #Authy do something like that?

I'd actually rather not have MS and Google on board.

#a11y #2FA #inklusion #banking #authorisation

Feel free to boost for reach

Ente completes CERN sponsored audit

This includes (especially so) Ente Auth.

I wanted to bring some awareness to this because when I think of MFA I typically think of TOTP Authenticators. Like my friend Eric Hameleers (alienbob), I bent the knee way back and adopted the proprietary, closed source product Authy by Twilio.

Why? Because there were considerations to raise, such as, "What if I drop my phone in the fricken' toilet?", or, "I want my authenticator to support installs on multiple platforms and sync" - Actually, both of those considerations are really the same thing. The mess about this really was that Google Authenticator and others didn't sync, existed on a single device, and I had no need or desire to enjoy passwordless authentication offered by Microsoft for some resources.

Authy provided multi-devices w/sync, on #Android, #Linux, and #Windows, okay I guess, and my phone(s). And then Ente Auth came out, they were working on the desktop version and close to a release, it sync'ed with multiple devices and second best of all, it was the first truly cross-platform (Okay I never tried running it on a BSD) authenticator - it could sync between a Linux box and a Windows desktop and an Android - that's everything in my Universe, and actually, who cares about Windows anyway?

Just about that time, as I started considering the move, Twilio informed everyone that Authy support on Desktop was going Bye Bye!

So the choice at that point was Easy Peasy - migrate nowwwww!!! And so I fired up my rarely used wYnd0z3 box and got an alert - "This desktop version will be retired soon, you need to update to the latest version as soon as possible"... in so many words.

Hmmm... Yeah, I dunno. I think I'mma do some online searches, this sounds fishy to me. And oh boy did it stink to high heaven. I'm glad I checked that out and found a little blurb (over on Reddit, IIRC) that covered the steps required to export everything, a script, a hacked up patch, and voila! done - got it!

There was one caveat there, for those who ventured into those same murky waters that I had - DO NOT APPLY THE TWILIO UPDATE!!! For those who did, they found out quickly that the patch no longer worked, they could not perform the export, and this was by design since the export had to be performed on a desktop version of Authy, effectively subjugating the non-daring with the typical enshittification that we've always known as #Vendor_Lockin.

By the time Eric apparently got around to making the move to #Ente_Auth from #Authy, the laborious process was entirely manual - one site at a time, which you can READ ABOUT HERE.

You really gotta watch these sneaky proprietary types of folks.

So anyway, fast forward a bit to where we are now, and although I mentioned my second fav reason to select Ente Auth, I didn't disclose my fav - which should be obvious: It's #FOSS. And not just that, but #Self_Hosted FOSS, if you prefer to keep things close to your breast.

Anyway, that's the backstory and the long way around my announcement here that you can read up on the Audit of all Ente products here:

https://ente.io/blog/cern-audit/

So, IMNSHO, There's really no reason to choose another authenticator, really, truly, there just isn't.

I hope that helps. Enjoy!

#tallship #redundancy #TOTP

.

Ugh... So, moving from #Authy to #EnteAuth is going to be a piecemeal pain-in-the-dick. While #Ente-Auth lets you import from some services, Authy isn't one of the ones it imports …probably because Authy no longer has a desktop-client nor does it seem to have an export capability?
#Authy along with #HCaptcha - what a beautiful combination of those industry SotA (State of the Ass)!

🔐 What’s the best 2FA app in 2025? We break down Proton Pass, Aegis, and Authy—from encryption to device sync to backup ethics.

📱 If you’re serious about account security, this one’s for you.

📖 Read the full breakdown:
https://medium.com/@biytelum/the-ultimate-2fa-app-battle-proton-aegis-and-authy-duke-it-out-in-2025-2c0e6e1b4fa0

#2FA #CyberSecurity #DigitalPrivacy #Proton #Authy #Aegis #FOSS #infosec


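#Proton recently released #ProtonAuthenticator; because it supports multiple platforms (including desktop systems) and multi-device sync (provided you have an account), I quickly moved over from #authy…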

https://proton.me/authenticator

Proton Authenticator: Private, secure 2FA authenticator | Proton

Protect your accounts with Proton Authenticator, an end-to-end encrypted, open source, and ad-free two-factor authentication (2FA) app available across devices.


@GrapheneOS @ohno_itsnate

[...] They did it after they had a service side compromise to try to show they care about security. In reality, it is not a security feature. [...]

That's everything one needs to know about #Authy.

GrapheneOS (@[email protected])

@[email protected] @[email protected] > the issues with Authy Authy banned using anything other than iOS or Google Mobile Services Android where Google has certified the device and OS due to licensing their software. They did it after they had a service side compromise to try to show they care about security. In reality, it is not a security feature. > companies with stronger right to repair mentalities Most of the products tend to have significantly worse security than a typical Samsung, etc. device.


@willsilvah A tip for you. Use #enteauth
I've been using it for a while, ever since #Authy discontinued its desktop client.
Yes, it has a desktop client.

Shall we talk about Two-Step Verification?

I currently use #Authy from #Twillio and have for a long time (basically since 2019); I have already used Microsoft Authenticator and Google Auth, and I didn't like either of them. But Google Auth at least has an option to import and export tokens, which doesn't exist in Microsoft Authenticator and Authy.