Comments (6)
@tijme I understand your concern and see why storing the OTP seeds locally could be a problem; however, would it be possible for a desktop client to read the OTP seeds from an iCloud backup, therefore never needing to actually store the OTP seeds locally?
from macos-receiver.
I could not agree more. The only thing I miss is the mac app. I would even pay for it. That was the only reason why I used Authy before.
from macos-receiver.
Hi @itsmichaelyu and @igr,
Unfortunately this will not be implemented. The MacOS receiver was designed to only be able to receive tokens if you have access to a second-factor device (your iPhone). Having a password manager and an OTP manager with seeds on the same device would decrease the security level.
Hope you understand,
Tijme
from macos-receiver.
@tijme that's on the user, how he is going to use the app. Authy, 1Password... they all have the desktop code generator. If you follow the security topic, then you should hide all the codes (not to be visible in the app), as someone may see them.
No worries, I am not trying to make you change your mind :) I do understand.
from macos-receiver.
It's not only about hiding the codes. It's about having a password and an OTP seed stored in the same location. Meaning, if that location is breached (e.g. by malware on your computer), both the passwords and corresponding OTP seeds are breached. I've seen this too many times during red teaming engagements and therefore really don't want to implement it.
The current MacOS receiver app is not vulnerable to that kind of attack (at least not breaching all passwords and OTPs at the same time), as the OTPs are not stored in the MacOS app. Only a single one is sent to your computer when you tap it in the app, thus you are really in control.
from macos-receiver.
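Added example, not part of the thread and not Raivo's code: a minimal model of the trade-off argued in the comment above, using standard RFC 6238 TOTP. It compares what malware on the desktop gains from a stored seed with what it gains from one received code; `attacker_can_login` and the `loot` dict are hypothetical names, and the seed is the published RFC 6238 test seed.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP window (RFC 6238 default)

def totp(seed_b32, unix_time, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for the window containing unix_time."""
    key = base64.b32decode(seed_b32)
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(seed_b32, code, unix_time, digits=6, drift=1):
    """Server-side check: accept the current window plus/minus drift windows."""
    return any(
        hmac.compare_digest(totp(seed_b32, unix_time + d * STEP, digits), code)
        for d in range(-drift, drift + 1)
    )

def attacker_can_login(loot, server_seed, now, digits=6, drift=1):
    """loot models what malware took from the desktop: a seed or one code."""
    if "seed" in loot:
        attempt = totp(loot["seed"], now, digits)  # can mint a fresh code
    else:
        attempt = loot["code"]  # can only replay what was received
    return verify(server_seed, attempt, now, digits, drift)

# Constructed sample: the published RFC 6238 test seed, not a real account.
SEED = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    received = totp(SEED, 59, digits=8)  # the one code sent to the desktop
    for when in (59, 89, 1111111109):
        print(when,
              "seed:", attacker_can_login({"seed": SEED}, SEED, when, 8),
              "code:", attacker_can_login({"code": received}, SEED, when, 8))
```

A stolen seed keeps producing accepted codes at any later time, while a single captured code stops verifying once the server's drift window has passed.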
Or... you can just have the list of names&icons in the mac app; when you need OTP the macos app would send a notification to the ios device, the user will auth into the phone and press OK and the OTP is generated and pasted back. This way OTP is still generated on a different device, authed by user (as it is done by Google, JumpCloud, Okta...)
Just the user flow is different. And that is important as well. I need to use OTP on many company resources (even under VPN 🤷‍♂️) on a daily basis. And each time I have to open phone, find and open app, scroll (which takes some cognitive load as there are many numbers I have even for the same client), press, and then go back to the mac. This process interrupts the development flow.
Just an idea, again, no worries. As long as I can export OTPs, I will stick with Raivo (and my personal hacks :)
from macos-receiver.