extract_otp_secrets VS andOTP

This library uses the GPL v3 license: https://github.com/scito/extract_otp_secrets?tab=GPL-3.0-1-o...

Your options are to either go open-source or remove the library.

I used https://github.com/scito/extract_otp_secrets to export the keys from the Google Authenticator and imported them manually into Bitwarden.

You can extract plaintext secret keys from google authenticator app and store them in user friendly format/password manager

https://github.com/scito/extract_otp_secrets

you can actually export them using tools like this one

I recently switched from Google Authenticator to Raivo and I used the export option in google auth and this tool to get the seeds.

Getting the code out of Google Authenticator is not trival. If you are good with python, someone has written a script to do that https://scito.ch/content/extract-secret-keys-google-authenticator-qr-export. However, with 17, you may be better off just doing it manually.

Try this: https://scito.ch/content/extract-secret-keys-google-authenticator-qr-export

I was able to take a screenshot of GAuth backups on iPhone using the button hotkeys(IE: Power+Volume up). I setup a container that runs a go version of GAuth and used a python script to decrypt the (decrypted QR code) backup keys. Then I backed up the encrypted keyfile to offline disk, encrypted the container backup and deleted it from the hypervisor.

https://github.com/pcarrier/gauth

https://github.com/scito/extract_otp_secret_keys

I used the "zbarimg" command line tool to get the inputs for the following Python tool (see README for instructions) from each QR code exported from Google Authenticator. https://github.com/scito/extract_otp_secret_keys

I love F-Droid and try to use apps from there whenever possible.

I did recently discover that andOTP is no longer maintained, though. I've switched to Aegis since.

https://github.com/andOTP/andOTP

I use andOTP[0] which auto-exports an encrypted backup to a local folder, which is then synced with Syncthing[1] to my NAS.

It's seamless and doesn't need an internet connection.

- [0]: https://github.com/andOTP/andOTP

- [1]: https://syncthing.net/

- AndOTP github project is archived in june 2022: https://github.com/andOTP/andOTP

I used FreeOTP before that, which is also fine. I switched because maintenance had been fairly uncommon and there were some minor issues bugging me, but it seems to have picked up again recently, and it's backed by Red Hat as an entity for better or for worse. andOTP is officially deprecated, so I recommend switching to either of those.

At the moment this works with encrypted backup files from andotp and aegis and it totally fullfills my lazyness needs. :)

I was happily using andOTP but seems like it has been unmaintained since June - https://github.com/andOTP/andOTP.

I wish F-Droid or Play Store had a feature like GitHub's 'Archived' to inform users.

You can use whatever 2FA you want, but you need to extract the secret key for it using some scripts. i did it a while ago and i have both blizzards and steams 2fa on Aegis on android, also works in KeepassXC. I think the 2fa app needs to have support for it but it works. https://github.com/andOTP/andOTP/wiki/Shared-secrets

I would switch to andOTP since it allows you to export the keys.