Continuing the discussion from Remove Raivo OTP (iOS MFA):
Edit: See Ente Authenticator (2FA) - #15 by vishnukvmd
I don’t think this can be our “main iOS recommendation” in place of Raivo, because ente requires an account, but as an Authy alternative it’s worth considering. Ente Auth’s sync is probably more secure than 2FAS (which I think just uses your OS’s cloud sync functionality like iCloud), but I’ll have to look into both of them further.
Edit 2: I won’t be involved in the review of this suggestion for the same reason I’m not reviewing ente Photos (see #2102 (comment)), so this will be handled by two team members other than myself.
@vishnukvmd Any possibility of making a local-only or local-first option for secret storage? Honestly, pretty good opportunity for ente auth here, I think.
Requiring an account does not sound good. But this is the closest app to Raivo. Other apps one way or another have missing features.
I failed to import tokens exported from Raivo. Maybe someone who tried can share their experience.
Edit: I also prepared a simple Excel sheet to compare MFA apps on iOS. Feel free to add your thoughts.
My main concern with Ente was that the login is protected with email-based 2FA. If I am storing secrets I would like to see stronger authentication, preferably a hardware key. IIRC they are looking at hardware key authentication but no time-frame is specified.
Hello, I am part of the ente team.
My main concern with Ente was that the login is protected with email-based 2FA. If I am storing secrets I would like to see stronger authentication, preferably a hardware key.
The login flow & account data are primarily protected by your ente password.
After email verification, the server returns the
authenticationToken is encrypted with your
The app decrypts the
encryptedAuthenticationToken using the
privateKey can only be decrypted by your
password, which only you know.
it’s relevant to this question, I would like to mention that based on our auditor’s recommendation, we are switching to an SRP-based authentication protocol to verify your identity from your email + password.
Any possibility of making a local-only or local-first option for secret storage? Honestly, pretty good opportunity for ente auth here, I think.
Requiring an account does not sound good.
Honestly, we don’t have plans or the bandwidth to change this requirement in the near future. The app’s primary USP is seamless cross-device sync.
That said, if it helps, the app works fine in offline mode. You can scan new codes, delete un-synced codes and perform export/import operations.
Thanks for coming here and getting involved in the discussion. Could you also enhance the import feature?
For instance, after exporting from Raivo, I can import the JSON file to 2FAS, but it failed in Ente Auth. I am aware that you mentioned a specific format for bulk imports on GitHub. So I need to edit the export from other apps to comply with your format.
Could you also enhance the import feature?
Thank you for the suggestion.
Support for importing from
Google Authenticator will be available in the next release (early next week). We have also added support for exporting codes in an encrypted format.
Awesome. Thanks for your responses.
These import options are available in v1.0.54. We have also made a few other improvements, such as the option to view a QR code, disable email verification during login, and encrypted export.
For further enhancements and feature requests, please create an issue or start a discussion on our GitHub repo.
With the latest update on iOS, Ente Auth added the “Option to use the app completely offline, without an account (and backups)”.
I think this quickly became a very good option. Cross platform, in and export options. Looks neat.
Indeed. After Raivo’s acquisition, I first tried 2FAS. However, there is no desktop app (I don’t find the extensions so convenient), and iCloud backups are not E2EE. Then, I switched to Ente, and it is the closest thing to Raivo.
They improved the import and export functions after a community suggestion.
I think the UI just needs to be polished a bit more. Apart from that it meets all of my needs now.
Hey, I was waiting on the F-Droid build to update this thread, but you folks are faster than their servers.
To summarize the latest changes:
- We now offer an offline mode, that does not require an account, and will instead encrypt and persist your secrets to your local device storage. You can optionally sign in at a later point if you wish to opt-in to e2ee backups.
- We have updated our authentication flows to adopt SRP and have gotten this audited as well. Adoption of this protocol makes email-verification optional (you can toggle this within Settings > Security).
- To ensure data portability, we’ve published a standalone CLI that you can use to decrypt encrypted exports.
@purplecactus @Anonymous49 @xyzzy: thank you for all the feedback so far!
@Tech-Trooper: if you’ve ideas on how we could improve the UI/UX, do let us know!
@vishnukvmd I believe it is good to move the site logos on the left and make them bigger similar to 2FAS and Raivo. Especially on the phone, I intuitively look at the logos, not at the names of the services. Maybe you can put two options for users.
I also want to hear what others think.
And, Thx for listening to the community feedback!
Interestingly, this was a feature we built out over a live-stream, and I had started with the logos on the left for the reasons you pointed out. But the majority of the community members on the stream felt the current design was better, since it utilized available space better, so we switched it to what it is right now.
We’ll add an option for larger icons.
I would like to see you put a space in the middle of the numbers like this: 273 173, so that it would be easier to read. This is similar to how a lot of these apps do it, including Aegis and 2FAS.
Great idea! Done!
Will be part of the next release.
That’s interesting. Everybody has their own way. Thx for adding the feature.