Hacker News new | past | comments | ask | show | jobs | submit login

Why use GAuth and not AndOTP and do backups to synced folder?

https://play.google.com/store/apps/details?id=org.shadowice....




+1 on AndOTP.

It's also available on f-droid [1] and of course open source [2].

[1]: https://f-droid.org/en/packages/org.shadowice.flocke.andotp/

[2]: https://github.com/andOTP/andOTP


I'd even recommend Aegis [1]. Also open source with encrypted backups, but has better crypto than andOTP (both devs talk a bit about it here [2]). Plus, it can do imports from other OTP apps for easy migration.

[1] https://github.com/beemdevelopment/Aegis

[2] https://old.reddit.com/r/androidapps/comments/b45zrj/dev_aeg...


Thanks for this, I really like the discourse between these two in the second link. The andOTP author is open about their crypto being sub-optimal and giving the Aegis dev a thumbs up, reason enough for me to give Aegis a shot to replace it. Perhaps they'll join forces going forward and we all win. :)


Where are you storing those backups? If it's the same place as the passwords, you're weakening the second-factor assumption.


In same place as passwords, but with different password and both use different algo for encryption. Well, it's better that nothing.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: