←back to thread

Passkeys and Modern Authentication

(lucumr.pocoo.org)
184 points Bogdanp | 10 comments | 02 Sep 25 13:47 UTC | HN request time: 0.873s | source | bottom
1. jcmontx ◴[02 Sep 25 17:59 UTC] No.45106732[source]
One day Authy for desktop was deprecated and all of a sudden I was forced to always have my smartphone with me, which I was struggling to replace with a dumbphone. To this day, I have no way out of owning an smartphone for this very reason
replies(3): >>45106857 #>>45106956 #>>45114607 #
2. psanford ◴[02 Sep 25 18:08 UTC] No.45106857[source]
I assume you were using Authy desktop for TOTP? You don't need a smartphone for storing TOTP seeds or generating TOTP codes.
replies(1): >>45107138 #
3. cuu508 ◴[02 Sep 25 18:15 UTC] No.45106956[source]
Are there many sites that only support Authy's push authentication and nothing else?
replies(1): >>45107184 #
4. jcmontx ◴[02 Sep 25 18:30 UTC] No.45107138[source]
Indeed, but I have like 40 different cloud providers, social networks and SaaS' which would be a pain to migrate
replies(2): >>45108008 #>>45108492 #
5. jcmontx ◴[02 Sep 25 18:33 UTC] No.45107184[source]
No, not really, it's about migrating/restoring every single 2FA key would be extremely inconvenient
replies(2): >>45107464 #>>45107565 #
6. cuu508 ◴[02 Sep 25 18:55 UTC] No.45107464{3}[source]
Do one a day :-)
7. arp242 ◴[02 Sep 25 19:02 UTC] No.45107565{3}[source]
TOTP should just be a (typically base32) secret string; I don't know if Authy allows exporting that though (and if not, that only underscores the point of this article).

I just use a simple shell script with dmenu/xclip/oathtool:

  #!/bin/zsh

  typeset -A opt=(
      Docker ABC
      GitHub DEF
      # ...
  )
  k=$(print -l ${(ko)opt} | dmenu -i)
  [[ $k != "" ]] && oathtool --totp --base32 $opt[$k] | xclip -rmlastnl
8. dwedge ◴[02 Sep 25 19:38 UTC] No.45108008{3}[source]
It's worth doing specifically because you can't be sure twilio won't do a second rug pull for mobile
9. palata ◴[02 Sep 25 20:22 UTC] No.45108492{3}[source]
I understand, but 40 doesn't sound too bad. When I moved from gmail to my custom domain, I had more than that to migrate. I just did it one at a time over a few months.

Same when I got my Yubikeys: I gradually moved the OTP seeds to them, wasn't that painful.

10. y0eswddl ◴[03 Sep 25 11:43 UTC] No.45114607[source]
Ente Auth or Bitwarden?