Security and Privacy Failures in Popular 2FA Apps

jerm · May 8, 2024, 7:58pm

https://www.usenix.org/conference/usenixsecurity23/presentation/gilsenan

PDF: https://www.usenix.org/system/files/usenixsecurity23-gilsenan.pdf

Table 1: Overview of the backup mechanisms supported in each app. Y* indicates that there is a serious security flaw in the
implementation and/or usage of cryptography (see Section 5.3). Y^ indicates support for multiple types of encrypted file exports
(see Section 5.3.4). Values in parentheses were obtained from documentation and observation only (see Section 6.4).

Aegis seems to score the best out of all TOTP apps.

lepras · May 9, 2024, 2:13am

Whwre is ente, bitwarden, aithenticator pro??

anon59474973 · May 9, 2024, 3:40am

If you mean Bitwarden’s premium TOTP feature, they excluded TOTP in password managers. If you mean the Bitwarden Authenticator app that was released recently, it was released after they had searched for 2FA apps. The same with Ente Auth as that was released in December 2022, a year after they searched for 2FA apps.

Polymer7229 · May 9, 2024, 1:36pm

Some of the problems that were mentioned have already been fixed. For example, the “Y*” problem for 2FAS has already been fixed.

Topic		Replies	Views
Chronos Authenticator: iOS 2FA App Project Showcase software	14	390	July 24, 2024
Add 2FAS (Authenticator App) Tool Suggestions rejected	57	9576	November 9, 2023
Thoughts on Authenticator Pro? Privacy	5	942	November 14, 2023
Add Authenticator Pro Tool Suggestions rejected	2	1436	August 4, 2023
Discussion about underrated Open source applications Vol.1 Privacy	5	657	March 29, 2024

Security and Privacy Failures in Popular 2FA Apps

Related Topics