Caution : cloudron portal in 2Fauth
-
Sharing a small
gotcha.
2FAuth had a funny 5 minutes
No idea why
It forced me to login back in, but I was using OpenID to log in with my cloudron portal user.
But that is protected by TOTP ... which I had moved from Authy into 2FAuth ... which I couldn't get (on desktop or phone) because I was logged out.
Stuck in a loop.
I moved the Cloudron TOTP to Bitwarden, so I won't be stuck in a loop.
So some caution to other Cloudron users using TOTP for their logins, maybe better to store that not in 2FAuth.Maybe it would be a 'nice to have' for Cloudron to support multiple TOTP, as some services do. But it's not important enough to be a Feature Request, so just posting this 'public service announcement'.
-
Totp codes depend on a seed value that you store in 2fauth (or any other totp generator). So technically Cloudron does not need to support two totp apps, you can just add the same seed value to multiple apps. In 2fauth you need to use the "advanced form", choose "TOTP", input your "secret" and select 6 digits. Then 2fauth will display the same totp value as e.g. Vaultwarden does.
What kind of prevents me from using 2fauth is that I am just directly logged in with my Cloudron user. Which means in case I forget to log out of my Cloudron dashboard, someone could just go and get my 2fa without any additional barrier. I think I much rather keep my codes in Vaultwarden, which times out and uses a different password/auth method than my Cloudron.
-
Totp codes depend on a seed value that you store in 2fauth (or any other totp generator). So technically Cloudron does not need to support two totp apps, you can just add the same seed value to multiple apps. In 2fauth you need to use the "advanced form", choose "TOTP", input your "secret" and select 6 digits. Then 2fauth will display the same totp value as e.g. Vaultwarden does.
What kind of prevents me from using 2fauth is that I am just directly logged in with my Cloudron user. Which means in case I forget to log out of my Cloudron dashboard, someone could just go and get my 2fa without any additional barrier. I think I much rather keep my codes in Vaultwarden, which times out and uses a different password/auth method than my Cloudron.
