rust-u2f
andOTP
rust-u2f | andOTP | |
---|---|---|
8 | 75 | |
285 | 3,604 | |
- | - | |
5.4 | 2.5 | |
3 months ago | almost 2 years ago | |
Rust | Java | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
rust-u2f
-
Software U2F with Fingerprint (On Linux)
This project aims to support U2F / FIDO2 using fingerprint reader on Linux (via libfprint). The goal is to have the same user experience with 2FA using Windows Hello.
This project is based on https://github.com/danstiner/rust-u2f with minor modification (see my fork: https://github.com/ngxson/rust-u2f-pkexec)
Link to the project: https://github.com/ngxson/softu2f-fprintd-docker
- The mechanics of a sophisticated phishing scam and how we stopped it
-
Apple, Google, and Microsoft commit to expanded support for FIDO standard
I've considered adding FIDO2 support to the software-only U2F token I wrote ( https://github.com/danstiner/rust-u2f). It's a fair bit of work though, and I am not sure how comfortable I am with passwordless login unless the keys are kept purely in hardware such as a TPM.
That said, my reading of this post is that FIDO2 support will get built into Chromium directly, which is itself open source. Or if you do want a hardware key but running open software, I'd definitely recommend https://solokeys.com/, I've been following them for a long time.
Also there was some related discussion on this same article last week: https://news.ycombinator.com/item?id=31274677
- Apple/Google/Microsoft to accelerate rollout of passwordless sign‑in standard
- Howdy – Windows Hello style facial authentication for Linux
-
Google is going to ban “less secure sign in method”
On a Workspace account you only need U2F token emulator (https://github.com/danstiner/rust-u2f woks fine) and thenn you can setup u2f first and add normal TOTP in second step. But u2f must stay there. I don't have a personal account to try if it works the same.
-
Ask HN: Is Google phasing out Authenticator/TOTP?
As it becomes easier to emulate hardware tokens[1], Google may start limiting which ones it accepts. I believe they can use attestation keys to do that.
This is just a softer layer of security to slow down less sophisticated mass signup attempts.
They may very well eventually phase out TOTP, under the justification that it is not as secure, but I would be shocked if they ever retire the highly insecure SMS verification.
TOTP is really easy to implement, and adds a ton of value. I have a oneliner that takes a screenshot, extracts the QR code with zbarimg, and adds it to my pass[2] password database, which then hooks back into my browser. I use it whenever it is available because it is so low effort.
[1]: https://github.com/danstiner/rust-u2f
-
Does 2FA actually prevent phishing?
GitHub has a couple of others listed, but I have not tested them personally: Example https://github.com/danstiner/rust-u2f
andOTP
-
EU tells Apple to open everything up to its rivals
I love F-Droid and try to use apps from there whenever possible.
I did recently discover that andOTP is no longer maintained, though. I've switched to Aegis since.
https://github.com/andOTP/andOTP
-
Ask HN: How do you deal with TOTP 2-factor auth?
I use andOTP[0] which auto-exports an encrypted backup to a local folder, which is then synced with Syncthing[1] to my NAS.
It's seamless and doesn't need an internet connection.
- [0]: https://github.com/andOTP/andOTP
- [1]: https://syncthing.net/
-
what is the best OTP auth tool in 2023?
- AndOTP github project is archived in june 2022: https://github.com/andOTP/andOTP
- Beware rogue 2FA apps in App Store and Google Play
-
What OTP app do you use?
I used FreeOTP before that, which is also fine. I switched because maintenance had been fairly uncommon and there were some minor issues bugging me, but it seems to have picked up again recently, and it's backed by Red Hat as an entity for better or for worse. andOTP is officially deprecated, so I recommend switching to either of those.
-
andcli: A 2FA TUI for your shell
At the moment this works with encrypted backup files from andotp and aegis and it totally fullfills my lazyness needs. :)
-
Aegis Authenticator – Secure 2FA App for Android
I was happily using andOTP but seems like it has been unmaintained since June - https://github.com/andOTP/andOTP.
I wish F-Droid or Play Store had a feature like GitHub's 'Archived' to inform users.
- TOTP for 2FA is incredibly easy to implement. So what's your excuse?
-
Overwatch 2 Will Record Voice Chat, Requires a Phone Number to Play
You can use whatever 2FA you want, but you need to extract the secret key for it using some scripts. i did it a while ago and i have both blizzards and steams 2fa on Aegis on android, also works in KeepassXC. I think the 2fa app needs to have support for it but it works. https://github.com/andOTP/andOTP/wiki/Shared-secrets
-
This might be a daft question but If I need to restore my phone/get a new phone and I need to sign into Google, how can I do this if I don't have access to the Bitwarden Authenticator app yet? Thanks
I would switch to andOTP since it allows you to export the keys.
What are some alternatives?
OpenSK - OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
Aegis - A free, secure and open source app for Android to manage your 2-step verification tokens.
secretive - Store SSH keys in the Secure Enclave
freeotp-backup - A simple python script to backup OTP tokens from the FreeOTP Android app
Coze - Coze is a cryptographic JSON messaging specification.
AuthenticatorPro - 📱 Two-Factor Authentication (2FA) client for Android + Wear OS
wasmer - 🚀 The leading Wasm Runtime supporting WASIX, WASI and Emscripten
aegis-icons - Unofficial 2FA entry icons for open source Android authenticator Aegis.
solo1 - Solo 1 firmware in C
Tofu - An easy-to-use two-factor authentication app for iOS [Moved to: https://github.com/calleluks/Tofu]
CozeJS - Coze Javascript - cryptographic JSON messaging specification
google-authenticator - Open source version of Google Authenticator (except the Android app)