Subject: Re: Codes sent by text message
From: V (at) *nospam* nguard.LH (VanguardLH)
Newsgroups: comp.mobile.android
Date: 12. Mar 2024, 09:23:33
Organization: Usenet Elder
Message-ID : <1fuj8a8wvjzts$.dlg@v.nguard.lh>
References : 1 2 3 4 5
User-Agent : 40tude_Dialog/2.0.15.41
Frank Slootweg <this@ddress.is.invalid> wrote:
VanguardLH <V@nguard.lh> wrote:
[Yet another mixup of 2FA/2SV deleted.]
I haven't delved much into TOTP, because I've yet to log into any sites
that use it, but it might be more secure than 2FA.
https://en.wikipedia.org/wiki/Time-based_one-time_password
My bank did add TOTP by letting their customers use the Authy app.
Alas, Authy discontinued their desktop (Windows) client leaving only
their mobile apps. Yet I don't do banking on my phone, only on my
desktop PC. So, Authy yanked their desktop client, can't use it anymore
with my bank, so I'm stuck with them sending the 2FA code to my Google
Voice phone number which forwards to me via e-mail. Obviously I can't
get texts on my desktop PC (it has no cellular service), and I'm not
running around the house to find my smartphones to power them up and
wait to get a 2FA code via SMS that I have to manually copy into the 2FA
form in the web browser on my desktop PC. At the server, 2FA codes
expire, so it could take me longer to use a phone with SMS than it took
to use Authy on my desktop where I was trying to login.
There are other TOTP desktop clients, but I don't know which will work
with my bank. They list only a couple TOTP clients, one of which is the
Symantec client that is geared to enterprise users. They don't list
other TOTP clients, like Google or Microsoft Authenticator.
As Dave Royal also mentioned, your bank probably mentions/'supports'
one or more TOTP 'apps'/programs, but - assuming they have not
re-invented the wheel - their systems should be standards-compliant and
hence work with any standards-compliant 'app'/program.
See this list of OTP 'apps'/programs for possible Windows solutions
(pointed to by the 'See also:' of your reference)
'Comparison of OTP applications'
<https://en.wikipedia.org/wiki/Comparison_of_OTP_applications>
Authy will drop their desktop (Windows client), but the desktop is where
I do the vast majority of my web surfing and logins. Google and
Microsoft have their authenticators, but those are apps for Android or
iOS, so they are no value to me on a desktop. Besides Authy, my bank
says they support Symantec VIP which has clients for Windows, Mac,
Android, and iOS. Authy originally said they were dropping their
desktop client in August 2024, but they moved this to mid-March.
I read about Bitwarden for 2FA/TOTP, but that's a premium feature
($10/yr subscriptionware). Symantec VIP (well, I think) is free. The
wiki article doesn't mention that one. Until the wiki article, I had
not heard of SAASPASS Authenticator. Alas, while the wiki article makes
SAASPASS Authenticator look superior, the table is a bit misleading.
The personal-use client is only for mobile platforms. I'll probably
look up comparisons between Symantec VIP and Bitwarden.
I was looking at the protocols, and it seems on the surface that just
about any authenticator app should work, but that could be me being
naive or overly hopeful. I didn't want to get into the incompatibility
with old chat clients that had their own protocols, so you had to use
the same chat app as with whomever you wanted to chat (unless you got
XMPP working on both ends, but typically on lesser featured chat
clients). From some forums, Symantec VIP provides the TOTP seed in some
non-standard form, so it seems sites that support Symantec VIP means
that's what you have to use, and other sites using OTP have you using
yet another authenticator.
While OAUTH changed from OAUTH1 as a protocol to OAUTH2 as a framework,
seems everyone adapted the Google/Microsoft (who were the major players
in the OAUTH2 spec). Doesn't seem to have been true for TOTP and
authenticators. I'll probably try Bitwarden first, but I'm not finding
a trial of Bitwarden Premium.