Dave Royal <
dave@dave123royal.com> wrote:
It's easier than you think. All the TOTP sites I use - admittedly
not many and none of them banks - use standards protocols. I
think all of them suggested Authy - not sure. GitHub and Mozilla
suggested FreeOTP IIRC.
The reason I chose andOTP on my Android tablet was (a) it's
opensource (b) it's offline (c) it can produce an encrypted
backup of its tokens (d) it requires a password to access.
FreeOTP on iOS could not do (c) and (d). All the tokens I have
originated on my Linux desktop. I point the Android tablet's
camera at the barcode on the screen to install it, then back it
up onto both. If I want to transfer the token to my iPhone - I
usually don't in case it's lost ot stolen, see (d) - I display
the barcode on the tablet and read that with the iPhone.
Bitwarden is open source, too; however, to get TOTP means paying for
their Premium version ($10/yr). From the wiki article mentioned by
Frank (
https://en.wikipedia.org/wiki/Comparison_of_OTP_applications),
Bitwarden supports the platforms I want and the features I want (if I
pay to get TOTP), but it's not a feature-rich comparison. FreeOTP and
andOTP are unusable on Windows. I don't want a TOTP solution only for
mobile platforms. I need an authenticator on desktops (Windows now,
perhaps Linux later) where I do the vast majority of web surfing (I hate
it on phones), and also available on Android, and would like to use as
few as possible, like just one authenticator on all platforms.
Bitwarden is also available as a Firefox add-on, the primary web browser
I use on a Windows desktop and on my Android phone. Firefox Mobile
allows installation of add-ons, but only some that are vetted for
Android. The Firefox Desktop add-on mentions support for 2FA (which
looks to be TOTP). The add-on is free, and if 2FA/TOTP is supported in
the add-on, then I don't need to buy their Premium version that includes
TOTP. I can't think of anywhere I've connected where 2FA is initiated
that wasn't when I was web surfing to a site. Web-centric apps handle
their own connections and authentication. So, Bitwarden as a Firefox
add-on should work for me: free, includes 2FA/TOTP.
But there remains the problem that TOTP doesn't yet seem a standardized
protocol, so Bitwarden might not work everywhere, like at sites that
tell you to use Symantec VIP. Too much is still proprietary. I see a
Symantec Authentication Client Extension add-on for Firefox Desktop, but
it's description leads me to believe you must have their authenticator
app installed, plus it's not a vetted add-on available for Firefox
Mobile, so I can't use that add-on on my Android phone within Firefox.
I'll first try Bitwarden as a Firefox Desktop add-on on my Windows host,
and test if it works with my bank that says to use Symantec VIP. If
not, I'm stuck having to also install Symantec VIP on my Windows host.
On my Android phone, doesn't look like there is a Bitwarden add-on for
Firefox Mobile. Based on the prior successful test on Windows, maybe I
can get by with just the Bitwarden app on my Android phone. If not,
I'll have to install both the Bitwarden and Symantec VIP apps on my
Android phone, and hope having multiple authenticator apps don't
interfere with each other.