Open Source Alternatives for Two Factor Authentication (2FA) Across Multiple Devices

Gnome Authenticator for desktop, Aegis Authenticator for Android, and import and export between them.

Lawrence Murray 10 November 2022

Two Factor Authentication (2FA) is a security paradigm whereby two pieces of evidence are required for authentication. For online accounts these are typically a password (something the user knows) and a code demonstrating possession of a known device (something the user has). As an emergency backup for the loss of the device, recovery codes are provided, or perhaps a manual process of identity verification is offered.

While Google and Apple have their own proprietary 2FA solutions based on Android and iPhone devices, these create a dependence on a single device. Twilio Authy is a popular alternative with multiple device support, including mobile and desktop devices, with automatic synchronization of keys between them. As long as a user has at least one of those devices available, they can authenticate. Unfortunately, Authy is also proprietary, and its Android app requires Google Play Services, so that it works only partly on Google-free phones such as the Volla Phone.

There are open source alternatives. One option is to combine Gnome Authenticator on a Gnome Linux desktop with Aegis Authenticator on an Android phone. Both support manual import and export of keys in de facto standard file formats so that keys can be shared between multiple devices. Aegis does not require Google Play Services, and is available from F-Droid, a catalog of free and open source software for Android phones, as well as from the Google Play Store.

While the order does not matter, as both apps can import and export some common formats, here is a suggested approach:

  1. Set up Gnome Authenticator on the desktop first. Visit each online account and (re-)enable 2FA. Typically a QR code is displayed for quick setup. With Gnome Authenticator, click the add button in the top left, then in the dialog that appears, the Scan QR Code icon in the top right. Select Screenshot and take a snapshot of the QR code. It will then import.

    After setting up all accounts, go to the Pictures folder in your home directory and delete the screenshots. Also keep a copy of the recovery keys for each account as you go.

  2. Once all accounts are set up in Gnome Authenticator, export the keys to a file. Click the menu item in the top right and select Preferences > Backup/Restore. Under Backup select Authenticator to export to a plain text file. Keep the file somewhere accessible from all devices, e.g. cloud storage.

  3. On each other device, import the file. For another desktop use Gnome Authenticator again: Preferences > Backup/Restore, then under Restore select Authenticator and choose the file. For an Android device, install Aegis Authenticator, then click the menu icon in the top right, Settings > Import & Export > Import from file, choose Plain text as the file type and select the file.
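The exported file contains every account's TOTP secret, so it is worth checking that each entry is well formed before relying on it on other devices. The following is an added example, not code from the original post or from either app: it assumes the export holds one otpauth://totp/ URI per line, parses each, and computes the RFC 6238 code for comparison with what the app displays. The sample export is constructed and uses the RFC 6238 test key.

```python
import base64, hmac, struct
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample export: line 1 uses the RFC 6238 test key, line 2 is malformed.
SAMPLE = """otpauth://totp/Example:alice@example.org?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&digits=8
otpauth://totp/Broken:bob?secret=not-base32!
"""

def parse_otpauth(line):
    """Parse one otpauth://totp/... URI into a dict of TOTP parameters."""
    u = urlsplit(line.strip())
    if u.scheme != "otpauth" or u.netloc.lower() != "totp":
        raise ValueError("not a TOTP otpauth URI")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    if "secret" not in q:
        raise ValueError("missing secret parameter")
    secret = q["secret"].replace(" ", "").upper()
    secret += "=" * (-len(secret) % 8)  # exports usually omit base32 padding
    algorithm = q.get("algorithm", "SHA1").lower()
    if algorithm not in ("sha1", "sha256", "sha512"):
        raise ValueError("unsupported algorithm " + algorithm)
    return {"label": unquote(u.path.lstrip("/")),
            "key": base64.b32decode(secret),  # raises ValueError on bad input
            "algorithm": algorithm,
            "digits": int(q.get("digits", 6)),
            "period": int(q.get("period", 30))}

def totp(entry, now):
    """RFC 6238 code for Unix time `now`: HMAC of the time step, then dynamic truncation."""
    counter = struct.pack(">Q", int(now) // entry["period"])
    mac = hmac.new(entry["key"], counter, entry["algorithm"]).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** entry["digits"]).zfill(entry["digits"])

def check_export(text, now):
    """Return ([(label, code)], [(line_no, error)]) for an export's contents."""
    ok, bad = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            entry = parse_otpauth(line)
            ok.append((entry["label"], totp(entry, now)))
        except ValueError as exc:
            bad.append((n, str(exc)))
    return ok, bad
```

To check a real export, pass the file's contents and time.time() to check_export, compare the codes with those shown in Gnome Authenticator, and fix any reported line before importing elsewhere.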

You now have multiple devices configured for 2FA. As long as you have at least one of those devices available you will be able to authenticate with 2FA. Keep a printout of recovery codes; you will need them to restore access if all devices are lost.
