Ideal Client for Storing 2FA Secrets

, posted Aug 3, 2023

Last month when I got locked out (almost) of my AWS account I realized how crucial a cloud or backup solution could be for apps we trust with our 2FA secrets. It has been exactly one month now & I still had my AWS account without 2FA.

I know it is not a substantial issue provided the account is protected with strong password, which I have done of course. However, the 2FA authenticator app was required regardless just for the sake of it if anything. Last night while randomly surfing the web I came across ente Authenticator.

For some it may be just another 2FA authenticator out there, but for me it has most of the features I desire in ideal 2FA client. The app

is Free & Open Source (FOSS)
has end-to-end encryption
is cloud based
features offline usage
enables users to im/export the secrets
supports editing the secrets
provides cross device sync

If that is not enough, the app is available for Android, iOS, iPadOS, MacOS. Windows & Linux build is WIP as of writing this post.

The ente Authenticator is actually another project by ente Photos, which is a privacy focused cloud solution for backing up photos & videos with e2e encryption support. The company offers 1GB of free storage in their free tier. I didn’t signed up for that because I have no photos to backup in the first place.

I downloaded & tested the App on iPad. Everything was working fine, I even re-activated 2FA on my AWS account back. Then I checked the export feature which prompted with an confirmation note & after approving that it asked for device authentication, fingerprint scan in my case and then happened nothing!!! Yeah Not-a-thing.

It didn’t exported the secrets file. I tried 2-3 times but nah all in vain. I looked up into iCloud & local file system on iPad there were no traces of it. So I went onto Mac & downloaded the App just to confirm if the option is working or not. To my dismay it wasn’t working on Mac either.

Lastly I grabbed my Android device & tested on that. It worked like charm. So the issue is with Apple devices only that I confirmed. Following up next, I plan to submit issue on github & wait for the fix.

The issue is still not that significant because there is a way around it. Thanks to editing feature of the app, the secret key can be easily copied by left swiping the 2FA entry in the App & entering into edit mode. And I did backed up the AWS 2FA secret key and saved into my password manager as a new note entry.

I have uninstalled the app from my iPad and Android device, but I have decided to keep it on my Mac. This is because I primarily use my Mac for internet connection and computing activities around 99% of the time.

Which 2FA client you are using and what are your thoughts on ente Authenticator please let me know.

Reply via mail