Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Announcements
  3. 2FAuth is now available

2FAuth is now available

Scheduled Pinned Locked Moved Announcements
24 Posts 12 Posters 4.4k Views 11 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • scookeS Offline
    scookeS Offline
    scooke
    wrote on last edited by
    #11

    My question might be similar to an above poster, but how does an web account know that I am using this and not Authy or Google ? When I register the site with my self-hosted (Cloudron hosted) 2FAuth, (how) does the website know that only 2FAuth will be issuing the 2fa's?

    A life lived in fear is a life half-lived

    murgeroM 1 Reply Last reply
    1
    • KubernetesK Offline
      KubernetesK Offline
      Kubernetes
      App Dev
      wrote on last edited by Kubernetes
      #12

      @scooke When you set up two-factor authentication (2FA) for a website using a specific authenticator app, such as Authy or Google Authenticator, the website generates a unique secret key that is shared securely between the website and the authenticator app. This secret key is used to generate the one-time codes that you enter when logging in.

      If you are using a self-hosted 2FA solution on Cloudron, the website follows a similar process. When you set up 2FA with your self-hosted 2FA solution, the website provides you with a unique secret key that is used by your self-hosted 2FA solution to generate the one-time codes.

      The website does not necessarily know which specific authenticator app or method you are using to generate the 2FA codes. Instead, it relies on the secret key that is securely shared between the website and your chosen 2FA method to verify the code you enter during the login process. As long as the code generated by your self-hosted 2FA solution matches the expected code based on the shared secret key, the website will authenticate you successfully.

      In summary, the website identifies you based on the secret key provided during the 2FA setup process, regardless of the specific 2FA method or app you use to generate the codes.

      1 Reply Last reply
      6
      • scookeS scooke

        My question might be similar to an above poster, but how does an web account know that I am using this and not Authy or Google ? When I register the site with my self-hosted (Cloudron hosted) 2FAuth, (how) does the website know that only 2FAuth will be issuing the 2fa's?

        murgeroM Offline
        murgeroM Offline
        murgero
        App Dev
        wrote on last edited by murgero
        #13

        I know @Kubernetes gave a really thought out response but for anyone that isn't technical the gist is this:

        TOTP (Time-based One Time Password) is a way to generate a 6 digit number based on the current time.
        For example if the time is 12:30PM the code could be 123-456 and at 12:31 it could be 987-654. (This is a lose example)

        The app itself follows a set algorithm which uses a secret key that only the app and the website know. This is algorithm is the same across ALL TOTP based apps (Examples are Google/Microsoft Authenticator, Authy, & 2FAuth). The same algorithm is used to verify the 6 digit code on the website as well.

        Using TOTP, the website doesn't care what app you use, so long as the clock on your device where the app is installed is correct and the secret key matches so the 6 digit code works.

        All of the above is the same no matter what app, website, or hosting service you do or do not use.

        --
        https://urgero.org
        ~ Professional Nerd. Freelance Programmer. ~

        1 Reply Last reply
        4
        • scookeS Offline
          scookeS Offline
          scooke
          wrote on last edited by scooke
          #14

          Thank you for the answer. Does this then explain why, after I had bought a new phone and tried to login to Twitter, then realized I had to "connect" Twitter back with Google Auth, and it wouldn't work on the new phone, it was already connected to the old phone. And that phone had died, so I had no way to ever verify on Twitter. I'd like to avoid that.

          ( I eventually did log back in by finding an even older phone that somehow miraculously was still logged into Twitter, and from within some option deep within it's bowels I could find something like an emergency login code, and that worked on the new phone, from which I turned off 2FA so that I could redo it on the new phone.)

          A life lived in fear is a life half-lived

          KubernetesK 1 Reply Last reply
          0
          • scookeS scooke

            Thank you for the answer. Does this then explain why, after I had bought a new phone and tried to login to Twitter, then realized I had to "connect" Twitter back with Google Auth, and it wouldn't work on the new phone, it was already connected to the old phone. And that phone had died, so I had no way to ever verify on Twitter. I'd like to avoid that.

            ( I eventually did log back in by finding an even older phone that somehow miraculously was still logged into Twitter, and from within some option deep within it's bowels I could find something like an emergency login code, and that worked on the new phone, from which I turned off 2FA so that I could redo it on the new phone.)

            KubernetesK Offline
            KubernetesK Offline
            Kubernetes
            App Dev
            wrote on last edited by
            #15

            @scooke Yes, your experience with Twitter and Google Authenticator highlights a common issue with 2FA when switching to a new device. In your case, since your old phone with Google Authenticator had died and you were unable to access the codes to verify your identity on Twitter, you were locked out of your account.

            This is one reason why a App like 2FAuth might be useful.

            1 Reply Last reply
            3
            • L Offline
              L Offline
              lukas
              wrote on last edited by lukas
              #16

              Hm, I changed my password and now I can't login because I'm already logged-in? But I'm not
              And it seems that long passwords like 64 characters are not accepted

              nebulonN scookeS 2 Replies Last reply
              0
              • L lukas

                Hm, I changed my password and now I can't login because I'm already logged-in? But I'm not
                And it seems that long passwords like 64 characters are not accepted

                nebulonN Offline
                nebulonN Offline
                nebulon
                Staff
                wrote on last edited by
                #17

                @lukas said in 2FAuth is now available:

                Hm, I changed my password and now I can't login because I'm already logged-in? But I'm not
                And it seems that long passwords like 64 characters are not accepted

                Probably a good thing to report upstream then.

                L 1 Reply Last reply
                1
                • nebulonN nebulon

                  @lukas said in 2FAuth is now available:

                  Hm, I changed my password and now I can't login because I'm already logged-in? But I'm not
                  And it seems that long passwords like 64 characters are not accepted

                  Probably a good thing to report upstream then.

                  L Offline
                  L Offline
                  lukas
                  wrote on last edited by
                  #18

                  @nebulon said in 2FAuth is now available:

                  Probably a good thing to report upstream then.

                  Where I can report it?

                  jdaviescoatesJ 1 Reply Last reply
                  0
                  • L lukas

                    @nebulon said in 2FAuth is now available:

                    Probably a good thing to report upstream then.

                    Where I can report it?

                    jdaviescoatesJ Offline
                    jdaviescoatesJ Offline
                    jdaviescoates
                    wrote on last edited by
                    #19

                    @lukas said in 2FAuth is now available:

                    Where I can report it?

                    Search on here https://github.com/Bubka/2FAuth/issues and if there isn't a similar issue, add it there.

                    I use Cloudron with Gandi & Hetzner

                    1 Reply Last reply
                    1
                    • sponchS Offline
                      sponchS Offline
                      sponch
                      wrote on last edited by
                      #20

                      that a web only thing or can it be synced with the mobile client?

                      murgeroM 1 Reply Last reply
                      0
                      • sponchS sponch

                        that a web only thing or can it be synced with the mobile client?

                        murgeroM Offline
                        murgeroM Offline
                        murgero
                        App Dev
                        wrote on last edited by
                        #21

                        @sponch TOTP can be used on any device or site that supports it. Just need the right app. In this case, 2FAuth is a web app that can be used for storing your TOTP codes in the cloud.

                        --
                        https://urgero.org
                        ~ Professional Nerd. Freelance Programmer. ~

                        1 Reply Last reply
                        0
                        • L lukas

                          Hm, I changed my password and now I can't login because I'm already logged-in? But I'm not
                          And it seems that long passwords like 64 characters are not accepted

                          scookeS Offline
                          scookeS Offline
                          scooke
                          wrote on last edited by
                          #22

                          @lukas Good thing you have this set up on Cloudron then! Just restore to a backup before the password change and keep on rollin'!

                          A life lived in fear is a life half-lived

                          1 Reply Last reply
                          1
                          • RazielKanosR Offline
                            RazielKanosR Offline
                            RazielKanos
                            wrote on last edited by
                            #23

                            I moved all my 2FA to bitwarden

                            1 Reply Last reply
                            2
                            • girishG girish

                              The registration flow is a bit glitchy. We have reported this upstream at https://github.com/Bubka/2FAuth/discussions/313

                              girishG Offline
                              girishG Offline
                              girish
                              Staff
                              wrote on last edited by
                              #24

                              @girish said in 2FAuth is now available:

                              The registration flow is a bit glitchy. We have reported this upstream at https://github.com/Bubka/2FAuth/discussions/313

                              The upstream author has fixed this and it works very well now!

                              1 Reply Last reply
                              1
                              Reply
                              • Reply as topic
                              Log in to reply
                              • Oldest to Newest
                              • Newest to Oldest
                              • Most Votes


                              • Login

                              • Don't have an account? Register

                              • Login or register to search.
                              • First post
                                Last post
                              0
                              • Categories
                              • Recent
                              • Tags
                              • Popular
                              • Bookmarks
                              • Search