voidq.xyz is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.

This server runs the snac software and there is no automatic sign-up process.

Admin account
@hey@voidq.xyz

Search results for tag #otp

[?]Radio_Azureus » 🌐
@Radio_Azureus@ioc.exchange

[?]Radio_Azureus » 🌐
@Radio_Azureus@ioc.exchange

OTP Clients servers closed source & vendor lock-in

TIL about freeOTP an Open Source OTP client for the two major mobile OS.

I already have a couple of nice OTP clients on my phones and love to have alternatives, in case one is not compiled anymore for newer Android OS

History

Many years ago I stubled upon authy a closed variable OTP client for Android. It ran on Linux win64 Android

This pesky client did something you'd expect from an ex-girl / boy-friend!

Authy has a model where it allows you to seamlessly sync your OTP parameters with their double blind server network Double blind just like private bin, a magnificient piece of encryption software you should also know / learn about.
The authy sync network never sees your data since there are multiple encryption layers.

Without checking the fine print (just like your ex- there is none) I used authy, migrating my multitude of OTP records because I loved the convenience of auto server sync. THe migration took a redacted time (many OTP records reside here) and I added a redacted ammount of records afterwards...

Horrors krept up when I wanted to see my OTP records from within authy, not the output the codes themselves
I could not find that option, which my other OTP client has.
I send a tweet to authy verified account which I had frequent daily & fun conversations with, promoting the program on twitter (many many years ago).
I asked which external switch I could use in the linux client to export my OTP codes

Authy twitter: dead silence...

On my tweets I normally got responses within 5 - 30 minutes

I never got a response from them again

Baffled at this sudden chance in character (just like your ex- who ignores you in your own house all of a sudden) I did extensive research in the subject matter

Research had showed that authy has malicious code & policy which punishes people who use external methods to extract their OTP codes from the program!

What do they do you ask?

Simple:

  • you are locked in using the program
  • you get locked out trying to break the lock-in

Details

The OTP records are in encrypted vault(s) on your device, which could be your linux machine Android or mac / iphone
In order to get a OTP record decrypted contact was needed with the authy sync server network

You get cut off when they detect your attempt of jailbreaking your own OTP records

Your client is not allowed to contact the servers for a set ammount of time, locking you out of accessing all your accounts which you got trapped in the authy jail, just like your failed relationship with your ex-

When contact is allowed again, you will usually stop messing with your main account, leaving you only to create new OTP records for your accounts, defeating the convenience of server sided sync.

Authy you bad bad ex-!

I had forgotten the main rule

There is no cloud, just someone else computer!

After that debacle I fetched Open and ad free Android clients, of which none have Linux programs. These clients give full export posibilities and backup

Update:

I am looking now for Linux clients and executed

  • apt install otp
  • apt install otpclient

Otpclient gave me a warning that my OS memlocklimit is too low, which means I need to tune that first to sane levels. otherwise insecure memory use may be the result for otpclient.
I shall execute what is written in the last source link
I have now linux native OTP programs in which I can import my OTP data on my Android devices

This is where freeOTP shall also participate

Sources:

mnn otp(1)

man otpclient(1)

en.wikipedia.org/wiki/One-time

en.wikipedia.org/wiki/Multi-fa

en.wikipedia.org/wiki/OTPW

en.wikipedia.org/wiki/FreeOTP

freeotp.github.io/

freeipa.org/

github.com/paolostivanin/OTPCl

freeOTP

Alt...freeOTP

freeOTP

Alt...freeOTP

freeOTP

Alt...freeOTP

    0 ★ 0 ↺

    [?]voidq :verified: [he/him] » 🌐
    @hey@voidq.xyz

    Interview:
    Server sends the OTP verification to the client via SMS/VoiceCall
    But the OTP expires after 50s immediately and it is not stored in server then how server verifice it?


      [?]gary » 🌐
      @gary_alderson@infosec.exchange

      @jerry further binding me to google - i could never have reliable self hosted email or maybe i am just that lazy and privacy ignorant #5 nines

      I have correct passwd for my yahoo mail but they want me to install what'sapp for verification - which i don't want to do - please just have some neutral verification options