keepassxc
google-authenticator
DISCONTINUED
keepassxc | google-authenticator
---|---
512 | 24
18,644 | 4,501
3.2% | -
8.7 | 0.8
8 days ago | over 3 years ago
C++ | Java
GNU General Public License v3.0 or later | Apache License 2.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
keepassxc
- KeePassXC Issue: [Passkeys] should never be exported in clear text
- Authy to sunset EOL end of March 19, 2024 (originally August 2024)
- Ask HN: Best Password Manager without cloud login?
  If you use KeePass, make sure you use the KeePassXC variant. KeePass is dead.
- Do you trust password managers?
  That's why you use the superior one, KeePassXC, as linked in the NIST link: https://github.com/keepassxreboot/keepassxc/discussions/9433
- What program(s) do you use to remember passwords, including crypto?
- KDE Plasma 6.0 Is Enabling Wayland by Default
  Another regression is that KeePassX/C AutoType doesn't work with Wayland, so now instead of a simple CTRL+V in KeePassXC, I have to separately copy and paste the user and the pass.
- Bitwarden Adds Support for Passkeys
  That's really a shame, I know keepassxc has (recently) added support for passkeys, but does it also support import/exporting them? I only found this comment[0] in the github issue.
  ---
  0: https://github.com/keepassxreboot/keepassxc/issues/1870#issu...
- andOTP
- Google-hosted malvertising leads to fake Keepass site that looks genuine
  When you're at a point where you're relying on a display name to make security-critical decisions, you've already lost.
  Character substitutions like ķeepass or ƙeepass or keypass are at least possible to spot if you know the name of the product, but not the full URL.
  But there are many ways to create lookalike domains that don't change the product name: https://keepass.org https://keepass.net https://keepass.info https://keepass.cx https://keepassxc.org https://keepass-info.net https://keepass-manager.com
  Which of these is the correct one? (It's https://keepassxc.org of course, but just looking at the URL won't tell you that.)
  The root cause is downloading software you see advertised on Google even though that does not in any way establish trustworthiness.
- Google announces passwordless by default: Make the switch to passkeys
  Appreciate the response. And I wish this message was front and center. The Attestation feature is what worries me, when, say, the bank turns it on for a few 'blessed' providers.
  Watching https://github.com/keepassxreboot/keepassxc/issues/1870 with bated breath... :)
google-authenticator
- Locker: Store secrets on your local file system.
  Locker can generate Time Based OTP codes parsing TOTP urls stored under a special key named totp.
- TOTP tokens on my wrist with the smartest dumb watch
- LastPass hacked, but user data apparently safe
- Twilio, the people who own Authy, got hacked
  If we're talking about the encrypted Authy TOTP secrets and IF they get cracked or guessed, Authy does store the email in the name of the item. Having the name, service and the secret within the QR code's URI is normal and the standard for TOTP. The only thing the hackers won't have is the password.
- Implementing one-time password
  You can get string value otpauth://totp/otp_example?secret=NBSWY3DP from QR code. This format is defined in [Google Authenticator Key Uri Format](https://github.com/google/google-authenticator/wiki/Key-Uri-Format).
- Is there a way to fetch an Authenticator/email validation code?
  You only need to pass the parameters from the Key Uri.
- Getting started with Refine, the React-based framework
  In this scenario, we'll use third-party libraries such as Google Authenticator, Axios, and dotenv. Users will be able to authenticate themselves using Google, send requests to REST endpoints using Axios, and preserve secret API keys using dotenv.
- Ask HN: How do I protect myself against SIM swap attacks?
  TOTP/HOTP codes are defined by an algorithm (sha1/md5/...), secret (A826EF8...), and number of digits (I usually see 6 digit codes). TOTP additionally takes time as a parameter (ex: it changes every 30 seconds) and HOTP takes a counter as a parameter. All of these parameters go into the function to generate the numbers as a result.
  If you have ever set one of these up with a QR code, that QR scans to something like: otpauth://totp/ACME%20Co:[email protected]?secret=HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ&issuer=ACME%20Co&algorithm=SHA1&digits=6&period=30 (From: https://github.com/google/google-authenticator/wiki/Key-Uri-...)
  So to directly answer your question: a backup would in some way contain all the parameters above, possibly in that otpauth:// format, but could be json or something else.
  I would not consider Authy to be a trustworthy backup. I assume they are storing these secrets for you and transferring them to other computers at your request. If you can't see the secret, you can't switch to a different app. (Take this last paragraph with a grain of salt, I don't know much about authy but it sounds like trouble. I use FreeOTP and other open source OTP apps).
- How does Google Authenticator work?
  https://github.com/google/google-authenticator/wiki/Key-Uri-...
  That's the format that gets encoded into the QR code. If you can decode the QR code you can get the secret key easily.
- Last night I was the victim of a SIM swap.
  They are both TOTP or HOTP (based on the type passed in the otpauth uri, defaulting to type=totp algorithm=sha1 digits=6)
What are some alternatives?
KeePassDX - Lightweight vault and password manager for Android, KeePassDX allows editing encrypted data in a single file in KeePass format and fill in the forms in a secure way.
KeePass2.x - unofficial mirror of KeePass2.x source code
Aegis - A free, secure and open source app for Android to manage your 2-step verification tokens.
vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
Strongbox - A KeePass/Password Safe Client for iOS and OS X
MacPass - A native macOS KeePass client
keepassx - KeePassX is a cross platform port of the windows application “Keepass Password Safe”.
Bitwarden - The core infrastructure backend (API, database, Docker, etc).
pyotp - Python One-Time Password Library
syncthing-android - Wrapper of syncthing for Android.
bitwarden_rs - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs [Moved to: https://github.com/dani-garcia/vaultwarden]