To Electrum 2FA wallet users and other bitcoin 2FA wallet users

[_act_]

Yesterday, I also spent the whole evening looking for an alternative to my 2FA app, and I also found this Raivo app. I see Raivo's developers being more active and constantly releasing updated versions to make the application more and more complete. Since I'm not tech-savvy, I spent some time watching people on Reddit review these 2 apps(tofu and raivo). In the end, I will follow the majority and choose Raivo to replace GG authenticator. Thank you for suggesting me.

The developers claimed that the source code is reproducible. If that is true, it would be a good authentication app. I will still prefer Aegis for Android. Tofu for iOS is good too. The authenticators that I can tell people not to use are the close source authentications and those that are having online backups which makes it not safe to use. Google and Authy fall into this category that should be avoided.

[1715234646]

1715234646

[1715234646]

1715234646

[1715234646]

1715234646

[1715234646]

1715234646

[BTCGalaxyA12]

Let me tell you the negative effect.

Do you have chrome on your Android phone? Click on the dots at the upper right corner and click on settings. You will see password manager.

Assuming you have your 2FA on another device because you think it is safe like that. Some people that are using online accounts like custodial wallet, exchanges or anything that has to do with 2FA like Electrum 2FA wallet can be affected because what is called two factor authenticator is no more two factor authenticator if it is linked to the email on the phone. By just downloadimg the app on the device and use the email with it, you will see the OTPs generating. Some people can be very careless and synchronize their username, password and 2FA. What else do hackers need to hack successfully? Nothing. Those three are enough to steal from people.

Do not save your username, password and 2FA codes on Google cloud, it is very dangerous.

Luckily I don't save my passwords in the Google cloud even though a prompt appears above the right side of the android.
Coin theft can be done by hackers through the process you convey.
I was surprised and thought that couldn't be the case with Electrum because Electrum is a very good wallet that has been proven.

Thanks OP.
Users who choose to allow passwords, usernames are stored automatically via synchronization with email, assuming that this makes it easier the next time they replace a new Android or iPhone. Though it is very risky.

[Wend]

By the way, I also wanted to ask if anyone has any suggestions for an open-source 2FA app for iOS, I saw o_e_l_e_o mentioning Tofu. I will try it, but I also want to experience a few other applications.

The only other one I am aware of is: https://github.com/raivo-otp/ios-application

If you don't like the latest Google 2fa update go to the settings and off linking to your google Gmail account, I've tested this and it works but I don't see anything bad with this

The fact remains that Google's 2FA app is closed source, difficult to actually back up locally, and since it is ran by Google will 100% be harvesting your data.

Currently, I am using 2FAS, and as far as I know, it is also an open-source application like Aegis, Tofu, or Raivo. The advantage I find superior to other applications is that they are available in 2 versions for both Android and IOS operating systems. The rest of the features are not too different. Do you know about it, and is it safe to use? I'm using it, but I don't know if it's safe for long-term use.
https://2fas.com/
https://github.com/twofas

[o_e_l_e_o]

I'm not a fan of 2FAS because it harvests way more data than it needs to. (And actually, for a 2FA app, the amount of data it requires about you or your device is exactly zero. All it needs to do is scan QR codes and then combine them with the time and hash them. Zero data required.)

Take a look at its Privacy Policy here: https://2fas.com/privacy-policy/

They collect a lot of information about your device, your email address, records of your usage, drop cookies on you, share your data with Google Analytics, etc. Completely unnecessary and unwanted.

Compare this to the best in class privacy policy from Aegis: https://getaegis.app/aegis/privacy.html

5000 words for 2FAS, versus 10 for Aegis. "Aegis Authenticator does not collect any data from your device."

[Wend]

I'm not a fan of 2FAS because it harvests way more data than it needs to. (And actually, for a 2FA app, the amount of data it requires about you or your device is exactly zero. All it needs to do is scan QR codes and then combine them with the time and hash them. Zero data required.)

Take a look at its Privacy Policy here: https://2fas.com/privacy-policy/

They collect a lot of information about your device, your email address, records of your usage, drop cookies on you, share your data with Google Analytics, etc. Completely unnecessary and unwanted.

Compare this to the best in class privacy policy from Aegis: https://getaegis.app/aegis/privacy.html

5000 words for 2FAS, versus 10 for Aegis. "Aegis Authenticator does not collect any data from your device."

What you said is true, I have spent some time researching, and as far as I know, 2FAS is a closed source application, and they just switched to open source in the last 2 months. So it's unsurprising that they collect user data like Google or Authy. I didn't know this for a long time, I just installed Aegis and will moved all the data over the weekend.

I wonder one thing, these open source applications do not collect any user data, which means they will not have the funds to maintain and develop the application in the long run. At some point, if it stops working, will our data still be safe?

[o_e_l_e_o]

I wonder one thing, these open source applications do not collect any user data, which means they will not have the funds to maintain and develop the application in the long run. At some point, if it stops working, will our data still be safe?

There are thousands of completely free pieces of software with no steady income stream out there which survive just fine. There is also a donation link on the Aegis website if anyone is so inclined.

Still, even if development stops tomorrow, nothing changes with the app you have already downloaded and are running. And of course, you should utilize Aegis' ability to create encrypted exports of your database, so even if you can't install Aegis on a new device you can still import your 2FA codes in to a different app.