Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Announcements
  3. 2FAuth is now available

2FAuth is now available

Scheduled Pinned Locked Moved Announcements
24 Posts 12 Posters 4.1k Views 11 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • girishG Do not disturb
      girishG Do not disturb
      girish
      Staff
      wrote on last edited by
      #1

      Hi all,

      2FAuth is a web based self-hosted alternative to One Time Passcode (OTP) generators like Google Authenticator, designed for both mobile and desktop.

      Code: https://git.cloudron.io/cloudron/2fauth-app
      Docs: https://docs.cloudron.io/apps/2fauth/
      Forum section: https://forum.cloudron.io/category/184/2fauth

      1 Reply Last reply
      8
      • girishG Do not disturb
        girishG Do not disturb
        girish
        Staff
        wrote on last edited by
        #2

        The registration flow is a bit glitchy. We have reported this upstream at https://github.com/Bubka/2FAuth/discussions/313

        girishG 1 Reply Last reply
        1
        • timconsidineT Offline
          timconsidineT Offline
          timconsidine
          App Dev
          wrote on last edited by
          #3

          Cool !
          With Authy’s desktop end of life, this is great.
          Look forward to trying it when I get back

          1 Reply Last reply
          1
          • L Offline
            L Offline
            lukas
            wrote on last edited by
            #4

            Thx! Any app available for this ?

            timconsidineT 1 Reply Last reply
            1
            • L lukas

              Thx! Any app available for this ?

              timconsidineT Offline
              timconsidineT Offline
              timconsidine
              App Dev
              wrote on last edited by
              #5

              @lukas do you mean app for … mobile ? Desktop ?

              L 1 Reply Last reply
              0
              • timconsidineT timconsidine

                @lukas do you mean app for … mobile ? Desktop ?

                L Offline
                L Offline
                lukas
                wrote on last edited by
                #6

                @timconsidine mobile

                timconsidineT 1 Reply Last reply
                0
                • L lukas

                  @timconsidine mobile

                  timconsidineT Offline
                  timconsidineT Offline
                  timconsidine
                  App Dev
                  wrote on last edited by
                  #7

                  @lukas I think I recall not currently because they don’t see a need for one being browser.
                  But anyone please do correct me.
                  But a mobile app could be built to wrap the page but I think Apple and Google resist such apps. I’ll try to research.

                  fbartelsF murgeroM 2 Replies Last reply
                  1
                  • timconsidineT timconsidine

                    @lukas I think I recall not currently because they don’t see a need for one being browser.
                    But anyone please do correct me.
                    But a mobile app could be built to wrap the page but I think Apple and Google resist such apps. I’ll try to research.

                    fbartelsF Offline
                    fbartelsF Offline
                    fbartels
                    App Dev
                    wrote on last edited by
                    #8

                    @timconsidine it is rather Apple that is resisting here, even going as far as almost removing support for pwas https://open-web-advocacy.org/blog/apple-backs-off-killing-web-apps/

                    1 Reply Last reply
                    4
                    • timconsidineT timconsidine

                      @lukas I think I recall not currently because they don’t see a need for one being browser.
                      But anyone please do correct me.
                      But a mobile app could be built to wrap the page but I think Apple and Google resist such apps. I’ll try to research.

                      murgeroM Offline
                      murgeroM Offline
                      murgero
                      App Dev
                      wrote on last edited by
                      #9

                      @timconsidine This likely has a PWA you can install to your phone on Android you just open it in chrome and select install web app from the three dot menu.

                      On iOS you open it in safari, and bookmark -> Add to home screen to install the PWA.

                      --
                      https://urgero.org
                      ~ Professional Nerd. Freelance Programmer. ~

                      1 Reply Last reply
                      2
                      • A Offline
                        A Offline
                        AmbroiseUnly
                        wrote on last edited by
                        #10

                        Great! I see it's currently marked as "Unstable", I'll wait for a stable version, but definitely interested in this (I also need to migrate from Authy...)

                        1 Reply Last reply
                        1
                        • scookeS Offline
                          scookeS Offline
                          scooke
                          wrote on last edited by
                          #11

                          My question might be similar to an above poster, but how does an web account know that I am using this and not Authy or Google ? When I register the site with my self-hosted (Cloudron hosted) 2FAuth, (how) does the website know that only 2FAuth will be issuing the 2fa's?

                          A life lived in fear is a life half-lived

                          murgeroM 1 Reply Last reply
                          1
                          • KubernetesK Offline
                            KubernetesK Offline
                            Kubernetes
                            App Dev
                            wrote on last edited by Kubernetes
                            #12

                            @scooke When you set up two-factor authentication (2FA) for a website using a specific authenticator app, such as Authy or Google Authenticator, the website generates a unique secret key that is shared securely between the website and the authenticator app. This secret key is used to generate the one-time codes that you enter when logging in.

                            If you are using a self-hosted 2FA solution on Cloudron, the website follows a similar process. When you set up 2FA with your self-hosted 2FA solution, the website provides you with a unique secret key that is used by your self-hosted 2FA solution to generate the one-time codes.

                            The website does not necessarily know which specific authenticator app or method you are using to generate the 2FA codes. Instead, it relies on the secret key that is securely shared between the website and your chosen 2FA method to verify the code you enter during the login process. As long as the code generated by your self-hosted 2FA solution matches the expected code based on the shared secret key, the website will authenticate you successfully.

                            In summary, the website identifies you based on the secret key provided during the 2FA setup process, regardless of the specific 2FA method or app you use to generate the codes.

                            1 Reply Last reply
                            6
                            • scookeS scooke

                              My question might be similar to an above poster, but how does an web account know that I am using this and not Authy or Google ? When I register the site with my self-hosted (Cloudron hosted) 2FAuth, (how) does the website know that only 2FAuth will be issuing the 2fa's?

                              murgeroM Offline
                              murgeroM Offline
                              murgero
                              App Dev
                              wrote on last edited by murgero
                              #13

                              I know @Kubernetes gave a really thought out response but for anyone that isn't technical the gist is this:

                              TOTP (Time-based One Time Password) is a way to generate a 6 digit number based on the current time.
                              For example if the time is 12:30PM the code could be 123-456 and at 12:31 it could be 987-654. (This is a lose example)

                              The app itself follows a set algorithm which uses a secret key that only the app and the website know. This is algorithm is the same across ALL TOTP based apps (Examples are Google/Microsoft Authenticator, Authy, & 2FAuth). The same algorithm is used to verify the 6 digit code on the website as well.

                              Using TOTP, the website doesn't care what app you use, so long as the clock on your device where the app is installed is correct and the secret key matches so the 6 digit code works.

                              All of the above is the same no matter what app, website, or hosting service you do or do not use.

                              --
                              https://urgero.org
                              ~ Professional Nerd. Freelance Programmer. ~

                              1 Reply Last reply
                              4
                              • scookeS Offline
                                scookeS Offline
                                scooke
                                wrote on last edited by scooke
                                #14

                                Thank you for the answer. Does this then explain why, after I had bought a new phone and tried to login to Twitter, then realized I had to "connect" Twitter back with Google Auth, and it wouldn't work on the new phone, it was already connected to the old phone. And that phone had died, so I had no way to ever verify on Twitter. I'd like to avoid that.

                                ( I eventually did log back in by finding an even older phone that somehow miraculously was still logged into Twitter, and from within some option deep within it's bowels I could find something like an emergency login code, and that worked on the new phone, from which I turned off 2FA so that I could redo it on the new phone.)

                                A life lived in fear is a life half-lived

                                KubernetesK 1 Reply Last reply
                                0
                                • scookeS scooke

                                  Thank you for the answer. Does this then explain why, after I had bought a new phone and tried to login to Twitter, then realized I had to "connect" Twitter back with Google Auth, and it wouldn't work on the new phone, it was already connected to the old phone. And that phone had died, so I had no way to ever verify on Twitter. I'd like to avoid that.

                                  ( I eventually did log back in by finding an even older phone that somehow miraculously was still logged into Twitter, and from within some option deep within it's bowels I could find something like an emergency login code, and that worked on the new phone, from which I turned off 2FA so that I could redo it on the new phone.)

                                  KubernetesK Offline
                                  KubernetesK Offline
                                  Kubernetes
                                  App Dev
                                  wrote on last edited by
                                  #15

                                  @scooke Yes, your experience with Twitter and Google Authenticator highlights a common issue with 2FA when switching to a new device. In your case, since your old phone with Google Authenticator had died and you were unable to access the codes to verify your identity on Twitter, you were locked out of your account.

                                  This is one reason why a App like 2FAuth might be useful.

                                  1 Reply Last reply
                                  3
                                  • L Offline
                                    L Offline
                                    lukas
                                    wrote on last edited by lukas
                                    #16

                                    Hm, I changed my password and now I can't login because I'm already logged-in? But I'm not
                                    And it seems that long passwords like 64 characters are not accepted

                                    nebulonN scookeS 2 Replies Last reply
                                    0
                                    • L lukas

                                      Hm, I changed my password and now I can't login because I'm already logged-in? But I'm not
                                      And it seems that long passwords like 64 characters are not accepted

                                      nebulonN Away
                                      nebulonN Away
                                      nebulon
                                      Staff
                                      wrote on last edited by
                                      #17

                                      @lukas said in 2FAuth is now available:

                                      Hm, I changed my password and now I can't login because I'm already logged-in? But I'm not
                                      And it seems that long passwords like 64 characters are not accepted

                                      Probably a good thing to report upstream then.

                                      L 1 Reply Last reply
                                      1
                                      • nebulonN nebulon

                                        @lukas said in 2FAuth is now available:

                                        Hm, I changed my password and now I can't login because I'm already logged-in? But I'm not
                                        And it seems that long passwords like 64 characters are not accepted

                                        Probably a good thing to report upstream then.

                                        L Offline
                                        L Offline
                                        lukas
                                        wrote on last edited by
                                        #18

                                        @nebulon said in 2FAuth is now available:

                                        Probably a good thing to report upstream then.

                                        Where I can report it?

                                        jdaviescoatesJ 1 Reply Last reply
                                        0
                                        • L lukas

                                          @nebulon said in 2FAuth is now available:

                                          Probably a good thing to report upstream then.

                                          Where I can report it?

                                          jdaviescoatesJ Online
                                          jdaviescoatesJ Online
                                          jdaviescoates
                                          wrote on last edited by
                                          #19

                                          @lukas said in 2FAuth is now available:

                                          Where I can report it?

                                          Search on here https://github.com/Bubka/2FAuth/issues and if there isn't a similar issue, add it there.

                                          I use Cloudron with Gandi & Hetzner

                                          1 Reply Last reply
                                          1
                                          • sponchS Online
                                            sponchS Online
                                            sponch
                                            wrote on last edited by
                                            #20

                                            that a web only thing or can it be synced with the mobile client?

                                            murgeroM 1 Reply Last reply
                                            0
                                            Reply
                                            • Reply as topic
                                            Log in to reply
                                            • Oldest to Newest
                                            • Newest to Oldest
                                            • Most Votes


                                              • Login

                                              • Don't have an account? Register

                                              • Login or register to search.
                                              • First post
                                                Last post
                                              0
                                              • Categories
                                              • Recent
                                              • Tags
                                              • Popular
                                              • Bookmarks
                                              • Search