Open alexanderadam opened 8 months ago
I have used some solutions like Microsoft Authenticator and Okta Verify, which are similar to Authy, that send push notifications for verification. The main question is whether the developers will use this solution. I know it is a chicken-and-egg problem, but I think that would be a more difficult ask since it is unlikely for large providers like GitHub, Google or Microsoft to use it.
> The main question is whether the developers will use this solution. I know it is a chicken-and-egg problem, but I think that would be a more difficult ask since it is unlikely for large providers like GitHub, Google or Microsoft to use it.
Yes, absolutely. It's not even meant for proprietary services. This is a feature that would be rather useful for hosting Open Source software. It's probably much easier to get it into projects like GitLab, OpenProject, Mattermost, GlitchTip, Vaultwarden, Nextcloud etc.
And it would probably even have a much higher impact with identity applications like KanIDM, Authelia, Authentik, Keycloak and others.
I'm not quite sure whether this is possible and whether the issue title explains properly what this is about. The general idea is to improve usability for 2FA.
So for 2FA, users might have to unlock their mobile phone, open FreeOTPPlus+, search for the relevant application and then they can actually start to type in the code manually or copy the code. However, the company Twilio created a smart solution for making this workflow easier: Authy. Authy's workflow goes as follows:
This workflow sounds great and clearly removes friction. But currently it relies on a proprietary and uncontrollable service, like most push notification infrastructures. However, there's ntfy. And this workflow obviously relies on push infrastructure anyway.
Therefore it would be nice to also have a free and FOSS solution to improve people's security and make their lives easier.
Without knowing any details about Android development I would guess that it would need these things:
otpauth://totp/some_email_provider
and something like this might be relevant too.
I'm fully aware that this is a lot to ask, but improving security and its usability for people believing in free software is probably worth a try.
PS: Thank you so much for maintaining FreeOTP+ :raised_hands: