This app was mentioned in 41 comments, with an average of 2.49 upvotes
Here's the trick...
When you create your 2FA account, save the QR code that shows up on the screen. It's probably a PNG file. This QR is not a one-time code--it's reusable. It can recreate the details needed to restart 2FA on a new device. I use FreeOTP and when I provision a new phone (every 3-4 months), I scan the QR codes for my Gmail, github, dropbox, etc. accounts.
I have the QR codes stored on a flash drive that I keep in my locked gun safe along with printed copies and a printed sheet of the backup codes. But, I worry about the day when stupidity and poor security procedures kick my ass.
Edit: removed the bad opsec comment thanks to an explanation by u/TidySet
Unhelpful response. Let's try that again.
Hey everyone, please note that this is not open source software and, therefore, cannot be verified in how it works, causing potential security risks. The same problem exists with Google Authenticator.
But there's a free and open source alternative, using the same protocol and, therefore, compatible with the aforementioned app and Google Authenticator. It is called FreeOTP and can be found here: https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp
See, was that so hard?
I moved away from FreeOTP because there was no export/backup function, so maybe that would be a good option for you. It's also open source.
I've been using "FreeOTP" in place of "Google Authenticator". Which has its own camera function built-in.
The downside being you will have to transfer over, which can be a bit of a hassle.
https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp
FreeOTP is a great open source alternative to Google Authenticator. I like how it automatically copies the code to the clipboard.
If you're looking for an OTP app, https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp is open-source and maintained by RedHat.
If you're looking to programmatically build a 2fa feature into your application, we'll need more information.
I recommend FreeOTP. It's really simple and has worked better for me than Authy and Google Authenticator.
Regarding Tuenti, are you sure you can't use it without credit to receive messages abroad? As I understand it, it's Movistar's second brand; with the latter company I have a prepaid line with no credit on which I receive messages abroad (I have it as a second SIM); the only thing is that I have to top it up with the minimum credit every 4 months so they don't cancel it.
You didn’t mention what mobile OS you’re using but here’s an open source one.
iOS https://apps.apple.com/ca/app/freeotp-authenticator/id872559395
Android: https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp&hl=en
It's just the most popular app that deals with RFC4226 and RFC6238. There's also FreeOTP
I use both, I see no functional difference. Internally, I don't have any idea how either keeps the secret used to calculate the hash.
If Google Authenticator isn't working, FreeOTP is a good alternative: https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp&hl=en
Another one that has more features like cross device syncing that I've been using for a while now is Authy: https://play.google.com/store/apps/details?id=com.authy.authy&hl=en
Shameless plug for FreeOTP - https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp
It can easily be switched out for Google authenticator. It provides the same functionality, but is 100% open source. Only downside is you may have to redo the codes at each site.
Use only web wallets that support two-factor authentication (2FA). Apps such as FreeOTP are usually the best 2FA solution.
That switch was quite a while back.
And it only affects the version of the code they put on the Play Store.
You can still download, build, and install the authenticator app from its former source.
Alternatively, you have FreeOTP (app/sauce), which is licensed Apache 2.0...
Or really, any app you decide to trust, as long as it supports HOTP and TOTP...
Shameless plug for FreeOTP (https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp) fully open source alternative to Google authenticator.
If they are successfully creating accounts with your username then they probably have access to your email. If I remember correctly, ebay requires verification of the email address.
I'd recommend you go to Google's account security page, change your password and revoke access to all devices associated with your account.
I'd recommend you use a password manager like Keepass or Lastpass as well. They will let you securely store your passwords so you don't have to remember thousands. Just one.
This way you can use long, randomized passwords to help keep your account secure in the future.
Also, you should enable 2-Step Verification.
2-Step Verification will require you to enter a one-time password each time you log in. Proper one-time password generators, such as FreeOTP, generate the code locally on your smartphone, so there is no code for the hacker to intercept.
I hope you resolve the situation soon. If you need any more help with this, or you have any questions, feel free to PM me. I'm not sure that the privacy subreddit is really the appropriate place for lengthy security-related tech support sessions.
Edit: Fixed da link
And the play store, it seems.
Brutal. So it turns out that companies under Russian jurisdiction can't be trusted with sensitive data at all (clearly it's better not to trust anyone at all and/or to encrypt everything, but what the article describes is sheer hell).
To protect against this problem:
If you're talking about the authenticator app where you type in a number based on TOTP then, No. But other types of login connected to Google then, yes.
If using TOTP I'd suggest using FreeOTP instead. It can provide the same number codes as GAuth for 2FA logins but is open source and created by Red Hat. You can also get from FDroid so that it's not linked with play store in any way, and you can verify what you run is built from open source code.
TOTP is Time-Based One Time Password following RFC6238.
Oh, sure!
If you want a deep clean of your PC, install and use Privazer . I run it 2 times per week.
Install NoScript. Even if you don't want to block script, it protects you from clickjacking and other things. If you want to block scripts, I recommend uMatrix and NoScript set to Allow Scripts Globally.
Use HostsMan to block ads and trackers in all programs. Don't download too many lists, MVPS Hosts should be enough.
If you want an encrypted online place for your password, try LastPass. It should be safe. I store my passwords locally with KeePass (it's not so beautiful, but the database stays on your computer, encrypted.)
FreeOTP is an alternative for Google Authenticator (I don't trust Google, that's why I chose FreeOTP). You can use it to get a code for two-factor authentication. I use it for Facebook and Google; you don't have to enable Wi-Fi to get a code for log-in. (It's complicated to set up for the first time, then really easy.)
Malwarebytes Anti-Exploit is interesting too. It's free.
I have 14 active extensions in Firefox and browsing is a pleasure. Experiment with every extension. My favorites are uMatrix, uBlock and Random Agent Spoofer. Browse Facebook in private-browsing mode, I think it will not interfere with other potential cookies on your PC (I think).
I started using Cryptocat. After you install it and restart the browser, press Alt + Shift + C . Name the conversation and write your nickname. Your friend must use Firefox and have Cryptocat installed (give him the conversation name and that's it).
Tor is the best for anonymity (in my opinion). I use it when searching for sensitive information like privacy things and browsing EFF.org . It automatically blocks third-party requests and does so much more. It's portable and useful, although you will find browsing difficult on some websites (your permission is blocked or too many captchas).
Bonus : It's not for privacy, but here's a very nice dark theme for Firefox : https://addons.mozilla.org/En-us/firefox/addon/ft-deepdark/ .
Documentation : http://www.huffingtonpost.com/news/internet-privacy and www.eff.org .
A good free and open source app is FreeOTP by RedHat.
GA is no longer fully open source. I strongly recommend using FreeOTP instead.
https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp
Indeed, Red Hat even has one: https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp
You can download the wallet here: https://www.cloudtokenwallet.com/
To register you will need to enter an invitation code; registration won't work without it: 0183959182
Our team, DIGITAL NATION: http://elvudi.dn.team/lp551077/
Instructions on how to install the Cloud Token wallet (ClaudToken): https://youtu.be/1xrCOOBkS2s
For using Google Authenticator, I personally recommend using this really cool program: https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp&hl=en
Detailed instructions for registering with Cloud Token: https://telegra.ph/Cloud-Token-06-14-2 See the instructions in the system for how to do it in 2 minutes.
--------------------------------------------------------------------------
While you wait for something else:
https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp
Agreed. Great, simple application that doesn't try (or need) to do too much.
Link for those interested: https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp
Here are two basic, easy security tips
Number 1: use a password manager like LastPass or KeePassX. A password manager generates secure random passwords and stores your login info in an encrypted vault that can't be accessed without the encryption key. The benefit to this is you can generate long complicated passwords that you don't have to remember, you only need to remember your master password.
I use LastPass because it's very convenient, I've had very few problems with it. It syncs to a cloud, encrypting your vault on your computer or phone before sending it to a server so you can access it on another computer if you have to. The mobile app is really nice too. KeePassX is more secure but less convenient as it isn't sent to any kind of server, it stays on the device you saved it on. I'm pretty sure there's a way to sync across devices but I don't know anything about it, I went straight to LastPass.
Number 2: use 2 Factor Authentication anywhere you can. When you login to a site where you have 2FA enabled, after entering your password you have to enter a second passcode you have on you, usually sent to your phone. This is beneficial because even if your password does get compromised, the attacker most likely can't access your account because they also need access to your phone. It's best to get a 2FA app like FreeOTP (Google Play // Apple App Store). The benefit of having an app vs. SMS 2FA is 1) it's more secure, and 2) you're not giving your phone number out to a website. It doesn't sit well with many people (like me).
2FA on everything you can is ideal, but if it's too inconvenient for you then at least have it on your most sensitive sites. Email, cloud-based storage like iCloud or Dropbox, and (if applicable) your password manager are the top three that come to mind.
In my opinion these two are the most basic, easy security tips you can implement.
> I heard that if you change your SIM card, you will get lock out and stuff
Who told you that? OTP is not dependent on your SIM card; all it needs is one secret key that you should import to the app using a QR code. I'm using FreeOTP instead of Google Authenticator though, as it's free and open-source. Also, this functionality is provided by the Assistant for War Thunder app.
On Android, I use this one : https://github.com/bitcoin-wallet/bitcoin-wallet You can get a binary from the Google Play store too. There's an awesome feeling just simply having digital currency on your phone. It's like living inside a Star Trek episode.
https://blockchain.info strikes a good balance between usability and security. I wouldn't hold any sizeable balance on there, nor store coins on there for a long duration. There's a lot of FUD online surrounding blockchain.info... but they're also a prime target.. so.. YMMV.
More long term "Buy and HODL", for <10BTC, a paper wallet is probably the best. The magic phrase to google for is "BIP38 Paper Wallet". There are lots of great choices in this space, so don't get overwhelmed by the options, just choose 2 or 3 at random to look at in depth then go for the one that feels better.
Trying to secure more than 10BTC or for more than a few years? I don't really have any good recommendations. :(
If you're looking to buy 0.5BTC, why not spread a third in each? It's a great way to dip into Bitcoin, spread your risk around, and get a feel for some of the tradeoffs involved.
Enjoy!
p.s. Be sure to use https, 'incognito mode', a password manager, and perhaps even a different login etc etc. i.e. Secure your browser first. p.p.s. Sooner or later you might need something like this: https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp&hl=en
If you don't trust google, you can use this one, which is open source: https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp&hl=en
Maybe try a different tablet app?
For OSX: Authy, OTP Auth, Authenticator
For Android: FreeOTP