Path: ...!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail From: VanguardLH Newsgroups: comp.mobile.android Subject: Re: Codes sent by text message Date: Tue, 12 Mar 2024 15:52:05 -0500 Organization: Usenet Elder Lines: 55 Sender: V@nguard.LH Message-ID: <1hwcc9kiu43e1$.dlg@v.nguard.lh> References: <1mtd3l3os6odg.dlg@v.nguard.lh> <1fuj8a8wvjzts$.dlg@v.nguard.lh> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Trace: individual.net lGAcHtk+yN83zGBCXsIy+wONA9O0lbdzorxnbaZQlL/s6MrLFW Keywords: VanguardLH,VLH Cancel-Lock: sha1:WEgZKwEZdU2YlaIpqYmjG79xpkM= sha256:JNwhM35HRAyyiE4h4EopfdFA0LIWZvXQ4VXeR1qqLiY= User-Agent: 40tude_Dialog/2.0.15.41 Bytes: 4315 Dave Royal wrote: > It's easier than you think. All the TOTP sites I use - admittedly > not many and none of them banks - use standards protocols. I > think all of them suggested Authy - not sure. GitHub and Mozilla > suggested FreeOTP IIRC. > > The reason I chose andOTP on my Android tablet was (a) it's > opensource (b) it's offline (c) it can produce an encrypted > backup of its tokens (d) it requires a password to access. > FreeOTP on iOS could not do (c) and (d). All the tokens I have > originated on my Linux desktop. I point the Android tablet's > camera at the barcode on the screen to install it, then back it > up onto both. If I want to transfer the token to my iPhone - I > usually don't in case it's lost ot stolen, see (d) - I display > the barcode on the tablet and read that with the iPhone. Bitwarden is open source, too; however, to get TOTP means paying for their Premium version ($10/yr). From the wiki article mentioned by Frank (https://en.wikipedia.org/wiki/Comparison_of_OTP_applications), Bitwarden supports the platforms I want and the features I want (if I pay to get TOTP), but it's not a feature-rich comparison. FreeOTP and andOTP are unusable on Windows. I don't want a TOTP solution only for mobile platforms. I need an authenticator on desktops (Windows now, perhaps Linux later) where I do the vast majority of web surfing (I hate it on phones), and also available on Android, and would like to use as few as possible, like just one authenticator on all platforms. Bitwarden is also available as a Firefox add-on, the primary web browser I use on a Windows desktop and on my Android phone. Firefox Mobile allows installation of add-ons, but only some that are vetted for Android. The Firefox Desktop add-on mentions support for 2FA (which looks to be TOTP). The add-on is free, and if 2FA/TOTP is supported in the add-on, then I don't need to buy their Premium version that includes TOTP. I can't think of anywhere I've connected where 2FA is initiated that wasn't when I was web surfing to a site. Web-centric apps handle their own connections and authentication. So, Bitwarden as a Firefox add-on should work for me: free, includes 2FA/TOTP. But there remains the problem that TOTP doesn't yet seem a standardized protocol, so Bitwarden might not work everywhere, like at sites that tell you to use Symantec VIP. Too much is still proprietary. I see a Symantec Authentication Client Extension add-on for Firefox Desktop, but it's description leads me to believe you must have their authenticator app installed, plus it's not a vetted add-on available for Firefox Mobile, so I can't use that add-on on my Android phone within Firefox. I'll first try Bitwarden as a Firefox Desktop add-on on my Windows host, and test if it works with my bank that says to use Symantec VIP. If not, I'm stuck having to also install Symantec VIP on my Windows host. On my Android phone, doesn't look like there is a Bitwarden add-on for Firefox Mobile. Based on the prior successful test on Windows, maybe I can get by with just the Bitwarden app on my Android phone. If not, I'll have to install both the Bitwarden and Symantec VIP apps on my Android phone, and hope having multiple authenticator apps don't interfere with each other.