Security and Privacy Failures in Popular 2FA Apps

https://www.usenix.org/conference/usenixsecurity23/presentation/gilsenan

PDF: https://www.usenix.org/system/files/usenixsecurity23-gilsenan.pdf

Table 1: Overview of the backup mechanisms supported in each app. Y* indicates that there is a serious security flaw in the
implementation and/or usage of cryptography (see Section 5.3). Y^ indicates support for multiple types of encrypted file exports
(see Section 5.3.4). Values in parentheses were obtained from documentation and observation only (see Section 6.4).

Aegis seems to score the best out of all TOTP apps.


Where is Ente, Bitwarden, Authenticator Pro??

If you mean Bitwarden’s premium TOTP feature, they excluded TOTP in password managers. If you mean the Bitwarden Authenticator app that was released recently, it was released after they had searched for 2FA apps. The same goes for Ente Auth, as that was released in December 2022, a year after they searched for 2FA apps.

Some of the problems that were mentioned have already been fixed. For example, the “Y*” problem for 2FAS has already been fixed.