biketool 2021-12-06 13:35

2FA and N900/linux
 
I got stuck with a banking account which seems to require 2FA from google.
I have no idea how this is supposed to work but it seems to be a QR code I snap with a camera.
Is there a way to pass a 2FA check like this in a home that only uses real Linux devices?
Will I have to buy a new throw-away android phone to pass the 2FA check?
I am going to dump this account, but for now I have to deal with this.
Ideas?

Maemish 2021-12-06 13:56

Re: 2FA and N900/linux
 
Can't you change it to use email or phone number instead of QR code for 2FA? Or can you set up androidbox and run Google Authenticator on that?

Or could webcam be used for QRcode in linux somehow to authenticate if that machine is signed in with google?

biketool 2021-12-06 15:32

Re: 2FA and N900/linux
 
All good ideas, my concern is if I do it wrong it will get locked up and I will have to do way more work than finding an old phone with stock android.
I think I do have an old google account too so good ideas, though I imagine it would want to have access to SMS, right?
(edit)
https://medium.com/@tilaklodha/googl...s-2933a4ece8c2
it seems to need google play....
(edit 2)
I was able to install the Google Authenticator app onto a tablet with LineageOS and microG, it worked for the login, apparently there is also a Chromium/Chrome app that will work, though the app from the Aurora Store (gets from the Google app store) is able to use the QR codes with a camera, not sure about the Chromium app.
altogether dirty and I hope to be free of this bank soon, but until then I have a working solution without google play

Mikkosssss 2021-12-06 20:39

Re: 2FA and N900/linux
 
Do you have to use Google authenticator? My work says I need Microsoft authenticator app, but I used the QR-code in Google authenticator.
You could try to set up one of these if you took backup of the code: https://alternativeto.net/software/g...nse=opensource

I don't know if http://maemo.org/packages/view/otp/ has time based otp or is compatible.

Maemish 2021-12-06 23:08

Re: 2FA and N900/linux
 
Nice work biketool!!!

biketool 2021-12-08 11:49

Re: 2FA and N900/linux
 
So with more research I found several free/libre implementations of the same functionality in f-droid(foss android compatible .apk store). The code linked above at medium.com could probably be hacked into one of the existing barcode apps and run on the N900 or whatever device you wanted.
<edit>
Or use this:
https://get2fa.dev/

sicelo 2021-12-08 16:38

Re: 2FA and N900/linux
 
Quote:

Originally Posted by Mikkosssss (Post 1573043)
Do you have to use Google authenticator? ...
I don't know if http://maemo.org/packages/view/otp/ has time based otp or is compatible.

Yes, this one works very well. I've been using it on my N900 for years, and even ported it to Maemo Leste.

It doesn't support QR codes, and requires conversion of the code/secret according to https://github.com/jwhitbeck/otpn900...ment-408625414.

Other than that, it's pretty reliable :-)

biketool 2021-12-09 06:52

Re: 2FA and N900/linux
 
Quote:

Originally Posted by sicelo (Post 1573058)
Yes, this one works very well. I've been using it on my N900 for years, and even ported it to Maemo Leste.

It doesn't support QR codes, and requires conversion of the code/secret according to https://github.com/jwhitbeck/otpn900...ment-408625414.

Other than that, it's pretty reliable :-)


Thanks!
I suppose you could cut/paste from a barcode reader.
It may sound stupid, but I have successfully avoided 2FA until now and have moved out of that account so am free of it again; but it is good to know I have an option. I only realized after the fact reviewing some code that this was not a thing relying on google-play services.

I am currently still using stock Maemo5/N900 daily but testing/prototyping some hardware for pinephone but I hope the day is near that I can
1-boot Leste from a SD on pinephone
2-make phonecalls/SMS/data
Phosh is not great and even under Debian (Mobian) it is moving slowly while Maemo-Leste is already working with a good base mobile UI OS and apps.

sicelo 2021-12-09 14:43

Re: 2FA and N900/linux
 
Quote:

Originally Posted by biketool (Post 1573059)
Thanks!
I suppose you could cut/paste from a barcode reader.
It may sound stupid, but I have successfully avoided 2FA until now and have moved out of that account so am free of it again; but it is good to know I have an option.

A lot of 'new' tech is of arguable value, but I think 2FA is really worth it to enable on any service where it's supported

biketool 2021-12-09 15:07

Re: 2FA and N900/linux
 
Quote:

Originally Posted by sicelo (Post 1573060)
A lot of 'new' tech is of arguable value, but I think 2FA is really worth it to enable on any service where it's supported

It seems reasonable except that the failure of the electronic device you rely on to combine the secret seed and time to output the verification code means destruction or failure of the device is an automatic lockout.
This is a great solution if we are talking nuclear missiles but I prefer other methods which don't have such a glaring failure mode.
I ended up having that exact failure thinking I had already transferred out what I needed and sent the closure request. I had to show up in person a very long ways away to correct the issue.
Had that been an on-line only account I would have lost my funds or perhaps have been liable for years of fees sometime in the future.
Between military rescue and aviation I just assume everything I rely on will be broken when I really need it most and 2fa relies on a single or several precious devices. Perhaps it is possible to cut/paste the seed for later use, but I think many systems that offer this service do not have a way to recover or worse will kill/reset the 2fa too easily making it a false security.
I really feel that this whole experience was a big show of security theater towards the end where things were reset too easily during the day I was going to the financial institution to confirm the transfer and closure of the account personally. It exposed too many people with admin authority who could be social engineered into opening my account to be emptied or just doxxing my info.
To explain my security mindset I give the example of a friend who lost their Protonmail password. They did the password recovery and could read the email subject lines but they lost their crypto key in the reset; a bad actor who had taken the email account couldn't then read any of the messages. Protonmail fails safe. They might even offer 2FA, but with just username and password even a refugee who showed up in Europe or Canada naked could still use an account user/pass stored in their own mind to access communications or even recover a crypto currency wallet.

bradvesp 2021-12-11 12:45

Re: 2FA and N900/linux
 
Being locked out upon device failure wouldn't be such a big problem were we to be able to meet someone in person who could reset the system and let us log in again. Fortunately or not, society has moved to technology dependency and away from in-person interaction. It's been a long time coming (30 years, 50 years? +) but it's here now. You'll never go to a bank and meet a person again. If your device breaks you're lost.

ymartin59 2021-12-12 19:40

Re: 2FA and N900/linux
 
Hello

2FA is the main reason why I have to leave my N900 (with TLS 1.3 support) and I have just received my Fairphone 4 but still investigating how to use it "properly" (LineageOS or /e/OS...)

Before that choice, I had to:

- for work VPN, request a one-time-challenge paper-card alternative to official Android app requiring Google Services

- for a first customer's VPN, request a SIM replacement to get STK-based authentication but discovered Maemo does not have this software support (introduced later in MeeGo / oFono)... so I have to shut down my N900 to move the SIM card to an old Symbian device to authenticate

- for a second customer's VPN, request for the smartcard OTP alternative but support team was no longer at ease how to set it up at first trial (and meanwhile run the application on my son's phone...)

- soon, an online service of my bank (one-time-use visa card generation with credit limit) will no longer send SMS for 2FA, so an Android app will be soon required

I have tried to set up an androidbox to run these applications but I have probably not invested enough time in it... too slow in VirtualBox, no access to store...

Definitely I get tired of these efforts to keep my N900 as my only daily phone... But I expect to find enough time to convert it for others' usage (game, music player...) with Leste, when I will be over with my calendar and sms/phone calls history migration to "Android"-or-affiliate I need to discover

sicelo 2021-12-12 20:06

Re: 2FA and N900/linux
 
Quote:

Originally Posted by ymartin59 (Post 1573081)
2FA is the main reason why I have to leave my N900 (with TLS 1.3 support)

We already showed that 2FA works just fine on N900, so this reason can't be the main one :-)

Quote:

Originally Posted by ymartin59 (Post 1573081)
- for a first customer's VPN, request a SIM replacement to get STK-based authentication but discovered Maemo does not have this software support (introduced later in MeeGo / oFono)... so I have to shut down my N900 to move the SIM card to an old Symbian device to authenticate

Yes, STK isn't supported on N900, and in many ways, it might be a good thing.

Quote:

Originally Posted by ymartin59 (Post 1573081)
soon, an online service of my bank (one-time-use visa card generation with credit limit) will no longer send SMS for 2FA, so an Android app will be soon required

I think that OTP program we already mentioned can handle this one too.

Quote:

Originally Posted by ymartin59 (Post 1573081)
Leste, when I will be over with my calendar and sms/phone calls history migration to "Android"-or-affiliate I need to discover

With Leste you can possibly install many more types of OTP applications available in Devuan

Maemish 2021-12-12 21:17

Re: 2FA and N900/linux
 
N900 with TLS 1.3 support? If someone has got this working why hasn't it been shouted over the roof tops? Do all the other members have this working? Would you be so kind and share all good tricks and tweaks so that others who still use N900 could benefit from your knowledge?

I think there are many many tweaks people who have still been using N900 know. Maybe someone who knows stuff could start a thread called "Keeping N900 alive 2022 from mouth to mouth". It would be nice to have all this info even just for historic purposes, when someone likes to trace down how it's been possible people used Fremantle so long.

I myself am mainly interested how security concerned people have done things, to access and use internet, how to circumvent digital profiling.

I hope someone could make a detailed info how to get TLS1.3 support for N900, how to update and setup certs, how to set up nginx for other than default browser (I think Fennec 17 from thumb or Dooble browser would be best browsers to get to work), how to use mail safely etc.

I have nginx setup for microb but it lacks many stuff, Opera with tls 1.2 with openssl 1.1 and certs updated from devel repo doesn't help anymore.

Modest mail with IMAP works with the tinymailcamel package fix, and Easy debbie with Netsurf 3.10 is the latest and securest browser but doesn't handle videos or java that well.

Please if you know good stuff, share.

ymartin59 2021-12-12 21:25

Re: 2FA and N900/linux
 
You may be right, but I consider I had little chance to reverse-engineer how these 2FA applications are designed to guess how to proceed with multiple round-trip registration steps which are probably implemented to prevent use of "standard" alternative OTP codes.

ric9K 2021-12-28 12:34

Re: 2FA and N900/linux
 
Did you make some progress on how to use it "properly" (LineageOS or /e/OS...)?

I personally still feel limpy in my efforts to find an N900 alternative (ATM Xperia XA2 + SFOS)

ymartin59 2021-12-28 18:30

Re: 2FA and N900/linux
 
@Ric9K Even if it is not the right place, I am using stock FairPhone OS (at least for warranty, it sounds risky to me to unlock the boot loader) without Google account (never accepted conditions) and do not use Google applications/services... even if Youtube still delivers notifications, and Play Store still delivers updates. I have set up F-Droid and use alternative applications. Next steps are rooting, allow signature spoofing if possible, to replace Google services by microG... But probably I will install /e/OS when available for FP4.
I really lack a proper "complete" and "offline" backup/restore process for Android without use of cloud services - typically something like Samsung Smart Switch.

