Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Announcements
  3. 2FAuth is now available

2FAuth is now available

Scheduled Pinned Locked Moved Announcements
24 Posts 12 Posters 4.8k Views 11 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • L lukas

    Thx! Any app available for this ?

    timconsidineT Offline
    timconsidineT Offline
    timconsidine
    App Dev
    wrote on last edited by
    #5

    @lukas do you mean app for … mobile ? Desktop ?

    L 1 Reply Last reply
    0
    • timconsidineT timconsidine

      @lukas do you mean app for … mobile ? Desktop ?

      L Offline
      L Offline
      lukas
      wrote on last edited by
      #6

      @timconsidine mobile

      timconsidineT 1 Reply Last reply
      0
      • L lukas

        @timconsidine mobile

        timconsidineT Offline
        timconsidineT Offline
        timconsidine
        App Dev
        wrote on last edited by
        #7

        @lukas I think I recall not currently because they don’t see a need for one being browser.
        But anyone please do correct me.
        But a mobile app could be built to wrap the page but I think Apple and Google resist such apps. I’ll try to research.

        fbartelsF murgeroM 2 Replies Last reply
        1
        • timconsidineT timconsidine

          @lukas I think I recall not currently because they don’t see a need for one being browser.
          But anyone please do correct me.
          But a mobile app could be built to wrap the page but I think Apple and Google resist such apps. I’ll try to research.

          fbartelsF Offline
          fbartelsF Offline
          fbartels
          App Dev
          wrote on last edited by
          #8

          @timconsidine it is rather Apple that is resisting here, even going as far as almost removing support for pwas https://open-web-advocacy.org/blog/apple-backs-off-killing-web-apps/

          1 Reply Last reply
          4
          • timconsidineT timconsidine

            @lukas I think I recall not currently because they don’t see a need for one being browser.
            But anyone please do correct me.
            But a mobile app could be built to wrap the page but I think Apple and Google resist such apps. I’ll try to research.

            murgeroM Offline
            murgeroM Offline
            murgero
            App Dev
            wrote on last edited by
            #9

            @timconsidine This likely has a PWA you can install to your phone on Android you just open it in chrome and select install web app from the three dot menu.

            On iOS you open it in safari, and bookmark -> Add to home screen to install the PWA.

            --
            https://urgero.org
            ~ Professional Nerd. Freelance Programmer. ~

            1 Reply Last reply
            2
            • A Offline
              A Offline
              AmbroiseUnly
              wrote on last edited by
              #10

              Great! I see it's currently marked as "Unstable", I'll wait for a stable version, but definitely interested in this (I also need to migrate from Authy...)

              1 Reply Last reply
              1
              • scookeS Offline
                scookeS Offline
                scooke
                wrote on last edited by
                #11

                My question might be similar to an above poster, but how does an web account know that I am using this and not Authy or Google ? When I register the site with my self-hosted (Cloudron hosted) 2FAuth, (how) does the website know that only 2FAuth will be issuing the 2fa's?

                A life lived in fear is a life half-lived

                murgeroM 1 Reply Last reply
                1
                • KubernetesK Offline
                  KubernetesK Offline
                  Kubernetes
                  App Dev
                  wrote on last edited by Kubernetes
                  #12

                  @scooke When you set up two-factor authentication (2FA) for a website using a specific authenticator app, such as Authy or Google Authenticator, the website generates a unique secret key that is shared securely between the website and the authenticator app. This secret key is used to generate the one-time codes that you enter when logging in.

                  If you are using a self-hosted 2FA solution on Cloudron, the website follows a similar process. When you set up 2FA with your self-hosted 2FA solution, the website provides you with a unique secret key that is used by your self-hosted 2FA solution to generate the one-time codes.

                  The website does not necessarily know which specific authenticator app or method you are using to generate the 2FA codes. Instead, it relies on the secret key that is securely shared between the website and your chosen 2FA method to verify the code you enter during the login process. As long as the code generated by your self-hosted 2FA solution matches the expected code based on the shared secret key, the website will authenticate you successfully.

                  In summary, the website identifies you based on the secret key provided during the 2FA setup process, regardless of the specific 2FA method or app you use to generate the codes.

                  1 Reply Last reply
                  6
                  • scookeS scooke

                    My question might be similar to an above poster, but how does an web account know that I am using this and not Authy or Google ? When I register the site with my self-hosted (Cloudron hosted) 2FAuth, (how) does the website know that only 2FAuth will be issuing the 2fa's?

                    murgeroM Offline
                    murgeroM Offline
                    murgero
                    App Dev
                    wrote on last edited by murgero
                    #13

                    I know @Kubernetes gave a really thought out response but for anyone that isn't technical the gist is this:

                    TOTP (Time-based One Time Password) is a way to generate a 6 digit number based on the current time.
                    For example if the time is 12:30PM the code could be 123-456 and at 12:31 it could be 987-654. (This is a lose example)

                    The app itself follows a set algorithm which uses a secret key that only the app and the website know. This is algorithm is the same across ALL TOTP based apps (Examples are Google/Microsoft Authenticator, Authy, & 2FAuth). The same algorithm is used to verify the 6 digit code on the website as well.

                    Using TOTP, the website doesn't care what app you use, so long as the clock on your device where the app is installed is correct and the secret key matches so the 6 digit code works.

                    All of the above is the same no matter what app, website, or hosting service you do or do not use.

                    --
                    https://urgero.org
                    ~ Professional Nerd. Freelance Programmer. ~

                    1 Reply Last reply
                    4
                    • scookeS Offline
                      scookeS Offline
                      scooke
                      wrote on last edited by scooke
                      #14

                      Thank you for the answer. Does this then explain why, after I had bought a new phone and tried to login to Twitter, then realized I had to "connect" Twitter back with Google Auth, and it wouldn't work on the new phone, it was already connected to the old phone. And that phone had died, so I had no way to ever verify on Twitter. I'd like to avoid that.

                      ( I eventually did log back in by finding an even older phone that somehow miraculously was still logged into Twitter, and from within some option deep within it's bowels I could find something like an emergency login code, and that worked on the new phone, from which I turned off 2FA so that I could redo it on the new phone.)

                      A life lived in fear is a life half-lived

                      KubernetesK 1 Reply Last reply
                      0
                      • scookeS scooke

                        Thank you for the answer. Does this then explain why, after I had bought a new phone and tried to login to Twitter, then realized I had to "connect" Twitter back with Google Auth, and it wouldn't work on the new phone, it was already connected to the old phone. And that phone had died, so I had no way to ever verify on Twitter. I'd like to avoid that.

                        ( I eventually did log back in by finding an even older phone that somehow miraculously was still logged into Twitter, and from within some option deep within it's bowels I could find something like an emergency login code, and that worked on the new phone, from which I turned off 2FA so that I could redo it on the new phone.)

                        KubernetesK Offline
                        KubernetesK Offline
                        Kubernetes
                        App Dev
                        wrote on last edited by
                        #15

                        @scooke Yes, your experience with Twitter and Google Authenticator highlights a common issue with 2FA when switching to a new device. In your case, since your old phone with Google Authenticator had died and you were unable to access the codes to verify your identity on Twitter, you were locked out of your account.

                        This is one reason why a App like 2FAuth might be useful.

                        1 Reply Last reply
                        3
                        • L Offline
                          L Offline
                          lukas
                          wrote on last edited by lukas
                          #16

                          Hm, I changed my password and now I can't login because I'm already logged-in? But I'm not
                          And it seems that long passwords like 64 characters are not accepted

                          nebulonN scookeS 2 Replies Last reply
                          0
                          • L lukas

                            Hm, I changed my password and now I can't login because I'm already logged-in? But I'm not
                            And it seems that long passwords like 64 characters are not accepted

                            nebulonN Away
                            nebulonN Away
                            nebulon
                            Staff
                            wrote on last edited by
                            #17

                            @lukas said in 2FAuth is now available:

                            Hm, I changed my password and now I can't login because I'm already logged-in? But I'm not
                            And it seems that long passwords like 64 characters are not accepted

                            Probably a good thing to report upstream then.

                            L 1 Reply Last reply
                            1
                            • nebulonN nebulon

                              @lukas said in 2FAuth is now available:

                              Hm, I changed my password and now I can't login because I'm already logged-in? But I'm not
                              And it seems that long passwords like 64 characters are not accepted

                              Probably a good thing to report upstream then.

                              L Offline
                              L Offline
                              lukas
                              wrote on last edited by
                              #18

                              @nebulon said in 2FAuth is now available:

                              Probably a good thing to report upstream then.

                              Where I can report it?

                              jdaviescoatesJ 1 Reply Last reply
                              0
                              • L lukas

                                @nebulon said in 2FAuth is now available:

                                Probably a good thing to report upstream then.

                                Where I can report it?

                                jdaviescoatesJ Offline
                                jdaviescoatesJ Offline
                                jdaviescoates
                                wrote on last edited by
                                #19

                                @lukas said in 2FAuth is now available:

                                Where I can report it?

                                Search on here https://github.com/Bubka/2FAuth/issues and if there isn't a similar issue, add it there.

                                I use Cloudron with Gandi & Hetzner

                                1 Reply Last reply
                                1
                                • sponchS Offline
                                  sponchS Offline
                                  sponch
                                  wrote on last edited by
                                  #20

                                  that a web only thing or can it be synced with the mobile client?

                                  murgeroM 1 Reply Last reply
                                  0
                                  • sponchS sponch

                                    that a web only thing or can it be synced with the mobile client?

                                    murgeroM Offline
                                    murgeroM Offline
                                    murgero
                                    App Dev
                                    wrote on last edited by
                                    #21

                                    @sponch TOTP can be used on any device or site that supports it. Just need the right app. In this case, 2FAuth is a web app that can be used for storing your TOTP codes in the cloud.

                                    --
                                    https://urgero.org
                                    ~ Professional Nerd. Freelance Programmer. ~

                                    1 Reply Last reply
                                    0
                                    • L lukas

                                      Hm, I changed my password and now I can't login because I'm already logged-in? But I'm not
                                      And it seems that long passwords like 64 characters are not accepted

                                      scookeS Offline
                                      scookeS Offline
                                      scooke
                                      wrote on last edited by
                                      #22

                                      @lukas Good thing you have this set up on Cloudron then! Just restore to a backup before the password change and keep on rollin'!

                                      A life lived in fear is a life half-lived

                                      1 Reply Last reply
                                      1
                                      • RazielKanosR Offline
                                        RazielKanosR Offline
                                        RazielKanos
                                        wrote on last edited by
                                        #23

                                        I moved all my 2FA to bitwarden

                                        1 Reply Last reply
                                        2
                                        • girishG girish

                                          The registration flow is a bit glitchy. We have reported this upstream at https://github.com/Bubka/2FAuth/discussions/313

                                          girishG Offline
                                          girishG Offline
                                          girish
                                          Staff
                                          wrote on last edited by
                                          #24

                                          @girish said in 2FAuth is now available:

                                          The registration flow is a bit glitchy. We have reported this upstream at https://github.com/Bubka/2FAuth/discussions/313

                                          The upstream author has fixed this and it works very well now!

                                          1 Reply Last reply
                                          1
                                          Reply
                                          • Reply as topic
                                          Log in to reply
                                          • Oldest to Newest
                                          • Newest to Oldest
                                          • Most Votes


                                          • Login

                                          • Don't have an account? Register

                                          • Login or register to search.
                                          • First post
                                            Last post
                                          0
                                          • Categories
                                          • Recent
                                          • Tags
                                          • Popular
                                          • Bookmarks
                                          • Search