How was your experience with GNOME Authenticator?

TL;DR

I am curious if anyone has tried GNOME Authenticator (or, simply “Authenticator”) before and what their own experience was like.

Long-winded context and first impressions

I am aware Authenticator’s audience is currently limited (i.e., limited to Linux users) and its distribution methods via Debian’s/Ubuntu’s repos lag behind quite a bit compared to the latest upstream development.

However, I wanted software that was dedicated to managing TOTP entries on the desktop and something with a better UI/UX than the “DIY” method of storing TOTP secrets in a separate KeePassXC database, which I first heard described somewhere in the Privacy, Security, and OSINT Show with Michael Bazzell.

I was browsing the AUR and came across Authenticator. Apparently I should be able to use my encrypted Aegis JSON file and open it in Authenticator, but it still crashes, as described in this GitLab issue.

It seems like I’ll have to bite the proverbial bullet and copy and paste my TOTP secrets into Authenticator, but I think that’ll be ok if I send the TOTP secrets via Note to Self in Signal.

I feel GNOME Authenticator should be given more time (at least until version 4.2.0 makes it into Ubuntu LTS repos) to iron itself out before I consider submitting it as a suggestion on Privacy Guides.

Not that I’m an expert, though from a quick glance at its UI it looks visually good and the fact that more than 90% of its codebase is written in Rust is also a promising sign.

Have you tried OTPClient? It’s compatible with Aegis too.

1 Like

I’ll try OTPClient, as its development seems to be relatively more consistent in the past 6 months compared to GNOME Authenticator (and I don’t really like the visual design of GTK4 that much).

1 Like

Oh no, I tried importing an encrypted Aegis JSON and OTPClient also crashed.

I tried running OTPClient in the terminal and got this:

$ otpclient
Segmentation fault (core dumped)

Did I use too many of Aegis’s “extra” features by using the unofficial official Aegis Icons on (many of) my TOTP entries?

(I wouldn’t be surprised if the crash with Aegis in GNOME Authenticator was also caused by the same reason.)

It might be the case. I’d recommend reporting it to the developers to investigate.

I played around with OTPClient a while ago, but haven’t used it since as I tend to only use my mobile for 2FA (mainly out of laziness).

I use it with a plain-text Aegis file, and it works perfectly. If you reimport the same plain-text file though, it will duplicate entries, so syncing requires that you copy and paste the new code into Authenticator, or that you add it to Authenticator first, export to plain-text, and then select that account to import into Aegis.

Also, I recommend installing the Flatpak. It works perfectly and is always the latest version. The developer doesn’t support other installation methods.

1 Like