Do the previous RaivoOTP users need to do anything other than switching?

I am currently on 2FAS offline after RaivoOTP’s hostile takeover, though I am still a bit worried, because RaivoOTP is not fully open source and the fact that the developer lacks communication made me lose 100% trust.

So my question is, do I need to do anything after changing my 2FA app? Are my 2FA keys and master password for the encryption compromised?

Raivo still needs to have your password to do a full compromise.

You can change passwords as you use your account, if you feel the need for it and for your sanity’s sake.

The (former) developer doesn’t lack communication, at all. The new owners do. It’s a bit different.

The app didn’t have any update since the takeover, so I think the trust you had still applies here, today.
You can move on (like I did), but I don’t see a reason for fear mongering right now.

Just uninstall the app, and remove the data from your iCloud and you should be good to go!


Well, I do not agree. Tijme basically didn’t respond for ages either and his answers were pretty lame and easy. It was his call to sell the app; it doesn’t just free you from responsibility.

You probably want to switch to Ente Auth. It will be listed on PG soon; the PR for it is ready and approved.

Of course you don’t agree; you were the one who opened the GitHub issue, but the poor man took ages by replying to you 4 days after, even when he mentioned (one day before your post) that he would share news in the future about that.

I also don’t like what happened with Raivo, but he’s free to do what he wants with his app.
Responsibility of what? He did nothing wrong! Raivo was a great app, and that was all. The future of it is not connected to him in any way.

(Just to be clear, I never spoke with the guy. I just don’t agree with your take on him).

Here comes Brave 2.0 again.

Poor 2FAs have no chance. When the cult of PG focuses their spotlight on something, the others do not have a chance. :boxing_glove:

You make so many assumptions I cannot even count them.
I do think you have responsibility as a product owner to make sure it is turned over to a good company that takes care of it well and that you make good arrangements on the communication of such a takeover. Clearly neither of those happened. It would be quite sensible to counter any attention of pitfalls quickly when they arise during a takeover. Radio silence was more their style. I actually know that Tijme is a nice guy (heard from) but this just wasn’t handled well.

Not sure what this has to do with Brave? Neither do I understand your comment on spotlighting. We have looked as a community at many options. Ente is very close to what Raivo was and has the best available security and privacy by default, just like the other recommendations on the website.


There’s a 40+ post discussion here on 2FAS where the reason it isn’t recommended is clearly laid out:

As for now I am currently using 2FAS with the cloud sync off, because I personally don’t like my seeds to be online.

My thought is that because I used Raivo months before the acquisition, the master password is safe? I don’t think there’s a way to reverse the encryption even if Mobime decides to change the code after that.

But I am just a bit of a paranoid person, curious about your opinion.

I don’t think there is much risk. But they obviously could make a malicious version of the app that syncs it unencrypted. That’s why we do not want to use an app from a non-trusted body.

