Category Archives: IT

Migrating to Ente Auth – Export TOTP tokens from Authy


I’ve recently had to migrate all my 2FA codes (TOTP tokens) from Authy. For those that don’t know, Authy had a breach (here, and here) a while ago, and since then seemingly put a stop to development of their desktop apps, and also to migrating and/or syncing newly added tokens. They were essentially taking our tokens hostage. It became a bit of a precarious situation, as the only app that would still work was the mobile app, but at the same time it wouldn’t let you download and configure the new app on another device (I don’t think…) or have tokens backed up and syncing across multiple devices.

The primary reason for me to use Authy before was so that I could access my 2FA codes from multiple computers and mobile devices. Without this functionality, it was pretty pointless. Even when they ended their native support of the desktop apps, you could still run the iPad version on Apple Silicon until they blocked that too. A real shame!

I had a couple of options to get round this.

1. Reset all my 2FA sessions and generate new tokens all over. This is a pain as I had well over 20 and this would take some time.

2. Find a way of exporting the tokens using various methods worked on in the open source community. These involve many technical steps but the processes are documented. They involve man-in-the-middle snooping and Python scripts. All in all, a bit of fun. I’m technically minded so no problem!

I had done some research and found Ente to be a great open-source alternative to migrate to.  The new solution also features end to end encrypted backup, as well as multi-platform and device support.


The migration itself took some time and some prior preparation.

The steps I followed are on the following GitHub Gist – https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d958c93

Not every scenario will work for you, so read the documentation fully.

The exact steps I followed are these: https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d958c93?permalink_comment_id=5298931#gistcomment-5298931

Since I followed the steps, there has been a revised and simplified version, which I would probably recommend you follow instead: https://github.com/BrenoFariasdaSilva/Authy-iOS-MiTM
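Before removing a token from the old app, it is worth confirming that each exported secret reproduces the code the old app displays. The following is an added example, not part of the original post or the linked scripts: the record layout (`name`, `issuer`, `secret`, `digits`, `period`), the sample secrets and the function names are constructed, and it assumes standard RFC 6238 HMAC-SHA1 tokens and an importer that accepts `otpauth://` lines.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote, urlencode


def totp(secret_b32, at, digits=6, period=30):
    """RFC 6238 code (HMAC-SHA1) for a base32 secret at Unix time `at`."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # exports often strip the padding
    key = base64.b32decode(cleaned)       # raises ValueError on a damaged secret
    mac = hmac.new(key, struct.pack(">Q", int(at) // period), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F               # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def otpauth_uri(tok):
    """Key URI for one token record, for apps that import otpauth:// lines."""
    label = quote(f"{tok['issuer']}:{tok['name']}")
    query = urlencode({"secret": tok["secret"].replace(" ", "").upper(),
                       "issuer": tok["issuer"],
                       "digits": tok.get("digits", 6),
                       "period": tok.get("period", 30)})
    return f"otpauth://totp/{label}?{query}"


def failed_tokens(tokens, observed, at):
    """Names whose exported secret does not reproduce the code the old app showed."""
    bad = []
    for tok in tokens:
        try:
            code = totp(tok["secret"], at, tok.get("digits", 6), tok.get("period", 30))
        except ValueError:  # secret is not valid base32
            code = None
        if code != observed.get(tok["name"]):
            bad.append(tok["name"])
    return bad


# Constructed sample export; the first secret is the RFC 6238 test key.
EXPORT = [
    {"name": "alice@example.com", "issuer": "ExampleMail", "secret": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"},
    {"name": "alice-vpn", "issuer": "ExampleVPN", "secret": "gezd gnbv gy3t qojq gezd gnbv gy3t qojq", "digits": 8},
    {"name": "alice-shop", "issuer": "ExampleShop", "secret": "GEZDGNBV1Y3TQOJQ"},  # damaged on purpose
]
SEEN_AT_59 = {"alice@example.com": "287082", "alice-vpn": "94287082", "alice-shop": "123456"}

if __name__ == "__main__":
    print(failed_tokens(EXPORT, SEEN_AT_59, at=59))
    print(otpauth_uri(EXPORT[0]))
```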

All in all this was an interesting experience, which allowed me to learn something new, play with Python and a man-in-the-middle proxy, and catch and intercept data being transferred. The software, MITMProxy, can be used for a multitude of other things. Something to write about another day!

Ente also develop an alternative to Apple Photos or Google Photos, worth checking out if you’re not a fan of either.

ProxMox server configuration


I recently had the pleasure of configuring ProxMox server on an old Intel NUC mini PC. For those that aren’t aware ProxMox is a virtualisation platform, in the same line as Hyper-V, or Nutanix, or VMWare. The only main difference is that you can get a fully functional version of ProxMox for free, yes you read that correctly, for free! It’s Linux (Ubuntu) based, so what’s not to love!

Due to the Broadcom takeover of VMWare and licensing cost hikes, a lot of large organisations are migrating over to ProxMox, which offers a fairly seamless transfer process.

As it turns out, the install of the ProxMox hypervisor or host, was slightly more involved as the graphics drivers on my particular NUC were slightly difficult. After much Googling, and hunting I was able to find the steps required. The errors that I had encountered were related to Framebuffer errors. The install was successful by using “text mode” installation and switching afterwards. A useful YouTube video was discovered to assist with the process: https://www.youtube.com/watch?v=-6fRTpmmuHs

The following ProxMox forum discussion also assisted with the error – https://forum.proxmox.com/threads/generic-solution-when-install-gets-framebuffer-mode-fails.111577/

From my experience, also worth using a USB3 stick for installation.

Kudos to the Home Automation Guy whose setup guide for ProxMox assisted me with the initial setup. It also linked through to the community scripts, where a PVE Post Install script was linked. The location has changed and is now available here: https://community-scripts.github.io/ProxmoxVE/scripts?id=post-pve-install&category=Proxmox+%26+Virtualization

This is quite honestly a treasure trove of scripts and you can knock your socks off with what you want to run there.

Even considering the problems I had with the initial install, the overall configuration only took 4hrs – for someone that hadn’t touched it before I would say that’s good going! Management is via web console and via terminal (SSH). It’s super quick and efficient. The hypervisor is currently running a single Linux VM hosting Lyrion Music Server, for more information on my endeavours you can visit our entertainment personal blog.

I’ll put some more points here when I recall them, but so far my experience with ProxMox has been great! Go and take a look 🙂

2FA – Secure your accounts now!


Following on from some recent work undertaken, it’s worth posting a little reminder that a simple account password is no longer sufficient to secure your most important accounts.

It’s always a good idea to check and secure your passwords from time to time. Some simple steps to assist with this are listed below:

1. Do not use simple passwords, shorter than 8 characters. Try and use special characters where possible, and lower and upper case characters too.

2. Do not use family names, pets names, dates of birth, or anything that could be pinpointed to your place of residence.

3. Use a 2 factor authentication (2FA) solution where you have the option to. A good introduction to this can be viewed here: https://go.frantik.it/2intro

For further assistance with account security or online safety, please take a look at the Frantik web site and get in touch!

You can also sign up for our Newsletter where we’ll occasionally share important updates such as this. You can sign up here.

To help remember longer and harder to remember passwords, we would also recommend using a password vault. We wrote a post on that recently: Time to get a Password Manager – 1Password tested!

Thanks for reading 🙂

The best WordPress Plugins for your Site!


We last posted about WordPress Plugins here in 2017 so it’s time to do a refresher.

This is great if you’re setting up a site for the first time, and want to have everything safe and secure so you can maintain your site worry-free.

  1. Akismet Anti-Spam – This is the GOAT of all plugins. Something you should have enabled on any WP site to prevent unnecessary spam. If anything, it’s the first plugin you should have activated to protect your site from the get-go!
  2. JetPack – another out the box must have. Additional layer of security for your site.
  3. Classic Editor – If you’re not a fan of the new style Gutenberg and prefer editing your posts and pages using the TinyMCE editor, this is what you’re looking for.
  4. Contact Form 7 – a simple and no frills contact form for your site with CAPTCHA integration. On every site we configure we implement this over the standard out the box contact form. Reduce spam, and stay secure.
  5. Really Simple SSL – activate SSL on your site in the simplest way possible. This does require your site to have a valid SSL certificate applied, or active Let’s Encrypt functionality (all our new hosting packages feature this out the box).
  6. Site Kit by Google – great new plugin developed by Google to get your site linked in to Analytics, AdSense, and Search Console. Improving by the day with new features and functionality.
  7. UpdraftPlus – Backup/Restore – nothing worse than making changes to your site and / or it getting hacked and you not having a backup. Schedule automated backups for your site’s database and files on a regular basis.

There are several others that we use, so if you would like to know more please do get in touch or comment on this post 🙂

If you would like help getting these setup and working on your own site, get in touch with us through our contact form.

Time to get a Password Manager – 1Password tested!

We’ve used 1Password for quite some time (around 5 years, if not longer) so thought a post here to talk of its merits was justified.

If you’ve not heard of a password manager before, in short it’s an application that helps you generate strong and random passwords and makes it easy for you to save them and use them for any web site or service you may use. They hold your details in an encrypted database that not even the developers have access to. If you get locked out you have lost your passwords, which is why many services offer an emergency access code that they recommend you print and keep in a safe and secure location.

Many password managers integrate well with many popular operating systems (Windows, Mac, and even Linux) and all the popular web browsers, and phones. The idea being that you can access your secure passwords wherever you are and even when you don’t have internet access.

1Password syncs with your Cloud Account using the 1Password Families subscription which allows 5 members of your family to use the service across platforms.

We all know that one person who has the same password for every account they use. When you think about it, that’s one password that a hacker needs to guess and voila, they have access to your email where they then can see all the accounts you may use and gain access to as well. Once they’re in they can probably make orders with your Amazon account, and other web shops where you have your card details saved.

Not wanting to scare you here, but at the same time to give you an insight into what so many people do…

You can take a trial of the service by following this link https://start.1password.com/sign-up/family?l=en

We’re in no way affiliated with 1Password and not being paid for this post. We just love the software and recommend it for your password manager too!