Hacker News new | past | comments | ask | show | jobs | submit login

For those looking for Google Authenticator alternatives, I recommend either Duo Mobile from Duo Security or Authy. I ditched Google Authenticator a while ago and haven't missed it one bit -- having a single app manage my two-factor tokens / keys is much more convenient.



I switched to HDE-OTP[0] a while ago and never looked back. I've not encountered any bugs with it and it's also better looking.

[0]https://itunes.apple.com/gb/app/hde-otp-generator/id57124032...


You have a beautiful screen on your iPhone with great font rendering and ... it mimics a 7 segment LCD display.

For shame.


Almost like building a notes app and putting leather stitching all around it.

Skeumorphism is dying, thankfully.


Yep, HDE OTP works great and looks nice. Thanks.


In light of this incident with GA, do either/any of the alternative support "export" of the underlying secrets, for instance to migrate to a new app?


You can store the key (the alternative to using a QR code) you're given to set up 2FA in the first place.


Edited: Authy requires a mobile number and a remote server to store your tokens though.


Seriously. What's the difference between this and just setting up a webcam pointed at all your SecurID tokens?


Duo does not require this at all. And Authy only requires you to store their "Authy" token. You can add additional, e.g. Github, tokens to Authy and choose not to sync them with the Authy servers. That's what I do.


Authy requires your mobile phone number and the creation of an account to work at all … or am I missing something? I haven't found a way to use Authy without providing my mobile phone number and creating an account.


> Both require your mobile number and for a remote service to store all of your tokens though..

Duo does not, for the record. Download and go.


I seem to have recalled that one wrong then, or they've changed their service since I last saw it.


This is not at all true. Both are generating your tokens clientside with no internet connection. Try disabling internet access, it should work.

As for the mobile number, I didn't have to type that into Duo Mobile when I installed?


You certainly do for Authy, I was apparently wrong about Duo.

http://i.imgur.com/dY1zWUe.png


I second the recommendation for Duo. Its a great application, and if you're looking for adding 2FA to your own systems (IT or otherwise) has a multitude of interaction options (secondary password LDAP, etc).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: