Comment by Avamander
3 years ago
AndOTP is great. Especially if you compare it with all the iOS options.
iOS TOTP apps all suck, it's amazingly bad. I installed like ~15 different ones. After the fifth try, I just had to know if it was just my poor initial selection or a general problem.
Each and every iOS TOTP app has at least one crucial problem - requiring a subscription, mandatory sync to a proprietary cloud, having no export-import, not having a watch companion, being from an unknown/generic developer, no support for longer TOTP codes (worse, some display it truncated!) or they're simply very buggy.
I settled on Step Two because it was like all the others, but not an eyesore...
iOS's security makes a self-hosted/non-third party backup/sync super difficult IIRC. (Unless you use Apple's product) I think unless the app has it built in, it's not easily doable. Android can use syncthing, but even Google is making that more and more difficult with each release.
Is there a standard app developers can use to securely sync/backup to for self-hosters? Is there a 'nice' UX/flow to connect apps to s3-style storage (enabling folks to use AWS/DO/Backblaze/whatever?) or would that be too raw?
You're most likely correct about automatic synchronisation from filesystem like that. That though doesn't mean there can't be any built-in integration with Next/OwnCloud or simply manual export-import.
I have been using OTP Auth for a while. It doesn't get updated a lot but it's working fine.
https://cooperrs.de/otpauth.html
Did you try Ravio OTP? I've seen good things said about it by FOSS people.
https://raivo-otp.com/
Yes. It had no import functionality, no Apple Watch companion, and a relatively convoluted setup process that adds a point of failure without reasonable reduction in any risk.
One would have to set a password that they then store in a password manager, that is then accessed using the same 2FA protected by the password. Plus a mandatory PIN, with the same caveats. Cyclical or duplicate authentication is simply not good design.