
[fltk.coredev] Re: [OT] github access for developers


Re: [OT] github access for developers duncan Nov 20, 2021  
I wrote:
> How do you now access your fltk forks at https://github.com/username/fltk?
> Specifically, what is your preferred method of two-factor authentication, etc.?

Ian wrote:
> OK, so... what I did was set up 2FA by SMS, but I'm not sure I'd describe that as my "preferred" method, it was more an "Oh, I don't have a TOTP app on my phone... I'll just use SMS, that'll do for now." And I kinda meant to change that at some point... but then I never quite did.

Albrecht wrote:
> I'm using FreeOTP (https://freeotp.github.io/) as I wrote before. It's open source on GitHub.
> Rumors say that you can read out the "secret" from the phone though. This may be a security issue (don't lose your phone).

I've been round and round the houses trying to decide how to proceed because,
as I said, people have reported being locked out after overwriting recovery codes:
e.g. https://www.youtube.com/watch?v=LKGhViHLsbU
and there's also the hassle if you change/lose your phone.

As far as I can see, the commercial one-time-password tools/apps such as
Authy, 1Passwd, etc. lock you into their own encrypted vault system stored on
their central servers and you have to start from scratch, with recovery codes,
then disable and re-enable 2FA on each account if you ever want to change tools.

The one I have found that seems more flexible, but I could be wrong, is
Aegis Authenticator ( https://getaegis.app/ ), another open-source tool.
Like FreeOTP it stores the vault locally on your phone, but Aegis also lets
you password-protect the vault, and export it elsewhere for safety.

I'm still hesitant about taking the plunge because the weakest part of the
system is keeping the recovery codes safe.

I'm wondering whether it will be enough to save copies of them in encrypted
folders backed up and in sync across several computers, hope that nobody
steals both phone and computer at the same time, and then use a password
that is "twinned with" the Aegis vault one on the phone so I won't forget it in
two years' time when I might actually need it, e.g. Laurel & Hardy :-)

Does anyone have a better suggestion? Or are you all using cloud-based
encrypted password manager systems anyway rather than relying on the
local system/browser to remember passwords for you?

D.

