Ente completes CERN sponsored audit
This includes (especially so) Ente Auth.
I wanted to bring some awareness to this because when I think of MFA I typically think of TOTP Authenticators. Like my friend Eric Hameleers (alienbob), I bent the knee way back and adopted the proprietary, closed source product Authy by Twilio.
Why? Because there were considerations to raise, such as, "What if I drop my phone in the fricken' toilet?", or, "I want my authenticator to support installs on multiple platforms and sync" - Actually, both of those considerations are really the same thing. The mess about this really was that Google Authenticator and others didn't sync, existed on a single device, and I had no need or desire to enjoy passwordless authentication offered by Microsoft for some resources.
Authy provided multi-devices w/sync, on #Android, #Linux, and #Windows, okay I guess, and my phone(s). And then Ente Auth came out, they were working on the desktop version and close to a release, it sync'ed with multiple devices and second best of all, it was the first truly cross-platform (Okay I never tried running it on a BSD) authenticator - it could sync between a Linux box and a Windows desktop and an Android - that's everything in my Universe, and actually, who cares about Windows anyway?
Just about that time, as I started considering the move, Twilio informed everyone that Authy support on Desktop was going Bye Bye!
So the choice at that point was Easy Peasy - migrate nowwwww!!! And so I fired up my rarely used wYnd0z3 box and got an alert - "This desktop version will be retired soon, you need to update to the lastest version as soon as possible"... in so many words.
Hmmm... Yeah, I dunno. I think I'mma do some online searches, this sounds fishy to me. And oh boy did it stink to high heaven. I'm glad I checked that out and found a little blurb (over on Reddit, IIRC) that covered the steps required to export everything, a script, a hacked up patch, and voila! done - got it!
There was one caveat there, for those who ventured into those same murky waters that I had - DO NOT APPLY THE TWILIO UPDATE!!!* For those who did, they found out quickly that the a patch no longer worked, they could not perform the export, and this was by design since the export had to be performed on a desktop version of Authy, effectively subjugating the non-daring with the typical enshittification that we've always known as #Vendor_Lockin.
By the time Eric apparently got around to making the move to #Ente_Auth from #Authy, the laborious process was entirely manual - one site at a time, which you can READ ABOUT HERE.
You really gotta watch these sneaky proprietary types of folks.
So anyway, fast forward a bit to where we are now, and although I mentioned my second fav reason to select Ente Auth, I didn't disclose my fav - which should be obvious: It's #FOSS. And not just that, but #Self_Hosted FOSS, if you prefer to keep things close to your breast.
Anyway, that's the backstory and the long way around my announcement here that you an read up on the Audit of all Ente products here:
https://ente.io/blog/cern-audit/
So, IMNSHO, There's really no reason to choose another authenticator, really, truly, there just isn't.
I hope that helps. Enjoy!
⛵
.
