I don’t think this can be our “main iOS recommendation” in place of Raivo, because ente requires an account, but as an Authy alternative it’s worth considering. Ente Auth’s sync is probably more secure than 2FAS (which I think just uses your OS’s cloud sync functionality like iCloud), but I’ll have to look into both of them further.
Edit 2: I won’t be involved in the review of this suggestion for the same reason I’m not reviewing ente Photos (see #2102 (comment)), so this will be handled by two team members other than myself.
@vishnukvmd any possibility of making a local only or local-first option for secret storage? honestly pretty good opportunity for ente auth here I think
My main concern with Ente was that the login is protected with email based 2FA. If I am storing secrets I would like to see stronger authentication, preferably hardware key. IIRC they are looking at hardware key authentication but no time-frame specified.
My main concern with Ente was that the login is protected with email based 2FA. If I am storing secrets I would like to see stronger authentication, preferably hardware key.
The login flow & account data are primarily protected by your ente password.
After email verification, the server returns the encryptedPrivateKey and encryptedAuthenticationToken. The authenticationToken is encrypted with your publicKey.
The app decrypts the encryptedAuthenticationToken using the privateKey. The privateKey can only be decrypted by your password, which only you know.
it’s relevant to this question, I would like to mention that based on our auditor’s recommendation, we are switching to an SRP-based authentication protocol to verify your identity from your email + password.
Thanks for coming here and getting involved in the discussion. Could you also enhance The import feature?
For instance, after exporting from Raivo, I can import json file to 2FAS, but it failed in Ente auth. I am aware that you mentioned in GitHub for a specific format for bulk imports. Then, I need to edit the export from other apps to comply with your format.
Support for importing from Ravio & Google Authenticator will be available in the next release (early next week). We have also added support for exporting codes in an encrypted format.
These import options are available in v1.0.54. We have also made a few other improvements, such as the option to view a QR code, disable email verification during login, and encrypted export.
For further enhancements and feature requests, please create an issue or start a discussion on our GitHub repo.
Indeed. After Raivo’s acquisition, I first tried 2FAS. However, there is no desktop app (dont find the extensions so convenient), and icloud backups are not E2EE. Then, I switched to Ente, and it is the closest thing to Raivo.
They improved the import and export functions after a community suggestion.
I think the UI just needs to be polished a bit more. Apart from that it meets all of my needs now.
Hey, I was waiting on the FDroid build to update this thread, but you folks are faster than their servers
To summarize the latest changes:
We now offer an offline mode, that does not require an account, and will instead encrypt and persist your secrets to your local device storage. You can optionally sign in at a later point if you wish to opt-in to e2ee backups.
We have updated our authentication flows to adopt SRP and have gotten this audited as well. Adoption of this protocol makes email-verification optional (you can toggle this within Settings > Security).
To ensure data portability, we’ve published a standalone CLI that you can use to decrypt encrypted exports.
@vishnukvmd I believe it is good to move the site logos on the left and make them bigger similar to 2FAS and Raivo. Especially on the phone, I intuitively look at the logos, not at the names of the services. Maybe you can put two options for users.
I also want to hear what others think.
Interestingly, this was a feature we built out over a live-stream, and I had started with the logos on the left for the reasons you pointed out. But majority of the community members on the stream felt the current design was better, since it utilized available space better, so switched it to what it is right now
I would like to see you put a space in the middle of the numbers like this: 273 173, so that it would be easier to read. This is similar to how a lot of these apps do it, including Aegis and 2FAS.
