Migrating to Ente Auth – Export TOTP tokens from Authy

I’ve recently had to migrate all my 2FA codes (TOTP tokens) from Authy. For those that don’t know, Authy had a breach (here, and here) a while ago, and since then seemingly put a stop to development of their desktop apps, and also migrating and/or syncing newly added tokens. They were essentially taking our tokens hostage. It became a bit of a precarious situation, as the only app that would still work was the mobile app, but at the same time it wouldn’t let you download and configure the new app on another device (I don’t think…) or have tokens backed up and syncing across multiple devices.

The primary reason for me to use Authy before was so that I could access my 2FA codes from multiple computers and mobile devices. Without this functionality, it was pretty pointless. Even when they ended their native support of the desktop apps, you could still run the iPad version on Apple Silicon until they blocked that too. A real shame!

I had a couple of options to get round this.

1. Reset all my 2FA sessions and generate new tokens all over. This is a pain as I had well over 20 and this would take some time.

2. Find a way of exporting the tokens using various methods worked on in the open source community. These involve many technical steps but the processes are documented. They involve man-in-the-middle snooping and Python scripts. All in all, a bit of fun. I’m technically minded so no problem!

I had done some research and found Ente to be a great open-source alternative to migrate to. The new solution also features end-to-end encrypted backup, as well as multi-platform and device support.

The migration itself took some time and some prior preparation.

The steps I followed are on the following GitHub Gist – https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d958c93

Not every scenario will work for you, so read the documentation fully.

The exact steps I followed are these: https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d958c93?permalink_comment_id=5298931#gistcomment-5298931

Since I followed the steps, there has been a revised and simplified version, which I would probably recommend you follow instead: https://github.com/BrenoFariasdaSilva/Authy-iOS-MiTM

All in all this was an interesting experience, which allowed me to learn something new, play with Python, and use a man-in-the-middle proxy to catch and intercept data being transferred. The software MITMProxy can be used for a multitude of other things. Something to write about another day!

Ente also develop an alternative to Apple Photos or Google Photos, worth checking out if you’re not a fan of either.

2FA – Secure your accounts now!

Following on from some recent work undertaken, it’s worth posting a little reminder that a simple account password is no longer sufficient to secure your most important accounts.

It’s always a good idea to check and secure your passwords from time to time. Some simple steps to assist with this are listed below:

1. Do not use simple passwords, shorter than 8 characters. Try and use special characters where possible, and lower and upper case characters too.

2. Do not use family names, pets’ names, dates of birth, or anything that could be pinpointed to your place of residence.

3. Use a 2 factor authentication (2FA) solution where you have the option to. A good introduction to this can be viewed here: https://go.frantik.it/2intro

For further assistance with account security or online safety, please take a look at the Frantik web site and get in touch!

You can also sign up for our Newsletter where we’ll occasionally share important updates such as this. You can sign up here.

To help remember longer and harder to remember passwords, we would also recommend using a password vault. We wrote a post on that recently: Time to get a Password Manager – 1Password tested!

Thanks for reading 🙂