Results 1 to 19 of 19
Like Tree5Likes
  • 1 Post By Jakuje
  • 2 Post By Jakuje
  • 1 Post By poehoes
  • 1 Post By Jakuje
  1.    #1  
    Anyone interested in such application, now available for Android and iOS?

    Preview on other platforms:
    https://play.google.com/store/apps/d....freeotp&hl=en
    https://itunes.apple.com/en/app/free...0l3Vy&ct=vb_wn

    I would use this application and I am doing research if I will be again the only user or there will be someone else around here. It would help me motivate little bit for better results
    Rnp likes this.
  2. #2  
    Interesting...

    How does it work? Oh, I followed some links: https://fedorahosted.org/freeotp/

    So it generates a one-time additional password by scanning a displayed QR code (or you type it in, I suppose)

    Seems like a good idea and the code is OSS from Redhat.

    Naturally, you'll want to make it LuneOS compatible...

    Seems like a good idea to me.
  3. #3  
    Yeah, great! And even better if you really can scan the QRcode, but then it has to work with devices' camera!
  4. #4  
    Quote Originally Posted by poehoes View Post
    Yeah, great! And even better if you really can scan the QRcode, but then it has to work with devices' camera!
    You can also enter a code manually, so even the quality of the early cameras doesn't matter.
  5.    #5  
    It's kind of two-factor authentication. QR is not required to have it fully functional. It should be used for creating new service if I got it right.
    Basic use case is that you pair your phone with some service (google, github, whatever) and whenever you are logging there, you write there your pin + one-time-password, which is time-based and prevents from stealing your identification using keyloggers and many other attacks.
    All company is using this for all services when connecting from outside network. We have hardware tokens, but almost everybody is now using these apps for mobile phones, but I still can't. I hope I will get to this during this week and I will keep you informed.

    What is required for LuneOS compatibility?
  6. #6  
    Basically Enyo 2 I think. There are a few apps that already run on it.

    Two weeks with LuneOS: An app sideload test
  7. #7  
    I would like to have a password-tool similar to pwdhash. pwdhash has not enough options for my purposes (set password length, used characters, multiple users on one domain, ...). Besides this should work on multiple platforms (for me at least webOS, Windows and Lubuntu).

    I've been thinking about spending some time to build a Mojo-App with Passwordmaker because there seems to be a ready javascript solution which might be implemented.

    What is the difference to FreeOTP? I don't understand what FreeOTP is really doing. The screenshots are not enough for me, to explain what is happening. Is this a solution, that manages or creates the passwords on multiple platforms? Or is this a solution where I must have my mobile device with me to get my password?
    Or is this something completely different?
  8. #9  
    Quote Originally Posted by Preemptive View Post
    You can also enter a code manually, so even the quality of the early cameras doesn't matter.
    That is true, but i ment if the QRcode is included in a webos application, it should work with all the devices. Otherwise don't include it.
  9. #10  
    Thank you. So FreeOTP is an interesting solution, but only for a few services at the moment.

    Quote Originally Posted by Preemptive View Post
    webOS password managers - not sure how up to date they are.
    LastPass - Preware Catalog
    KeePassGo - Preware Catalog

    Discussion of the services
    Five Best Password Managers
    There is always the problem how to sync the databases over your different devices. I like the idea of not having to store your passwords and temporarily generating them on your device just at the moment you need them.
  10.    #11  
    Who is eager to see it before it will be approved in app catalog, you can have a look on github or download ipk here:
    http://files.dta3.com:8000/f/c1882e1939/

    More info:
    WebOTP - Jakuje.dta3.com - Just another blogging system

    If something doesn't work or could work better, let me know. But first think you should check before writing should be your system clock. There is a new key every 30 seconds be default so every few seconds matters!

    Please, do not use it as the only option (make a backup of your secret key. I tested and compared results with other implementations, but still this is the first release and some things can change.

    Happy security
    Preemptive and poehoes like this.
  11. #12  
    Where do you want remarks? I have a few :-D

    Testing on Pre2 and Touchpad...

    I can't find your name in the development fora: http://forums.webosnation.com/webos-developer-forums/
    Last edited by poehoes; 05/17/2015 at 02:16 PM. Reason: development remark
  12.    #13  
    Quote Originally Posted by poehoes View Post
    Where do you want remarks? I have a few :-D

    Testing on Pre2 and Touchpad...
    Great. As it fits, you.
    Here or github issue. If it is nothing that can't be written public (otherwise email jakuje (a) gmail.com), I would be glad to have it somewhere visible so the others wouldn't repeat what was said.
  13. #14  
    So I tested on a Touchpad 32GB 4G and a Pre 2.

    Since the app is working on the first one i start with those remarks. It may look like a lot of complaints but i really like the app and hope to give as much feedback to get it perfect I tested in comparison with Google Authenticator (for Webos) and WebOTP gives the same OTP so technically it is good.

    - only portrait, please allow landscape
    - all pre-installed accounts show the webotp-logo
    - the timer is great!
    - when i tap a pencil-button i get a scene with title 'identification' and to buttons back and edit. Tapping the back button doesn't work. The edit-button takes me back.
    - so i tap the new-button: and get a scene with the same title, but now also a secret-box and an advanced-part. When you open the last with the arrow you'll see an configuration-box.
    * on the very first line i can't edit the account (jdoe@example.com) and the service description-field. When i tap the field (base 32) in the Secret-box i can input a secet
    * if i now type Shift-tab i can get in the Identification-box and fill in a emailddress/account and description
    * the back-button works (and cancels this task), the Add-button works. I now have a new account
    * this scene doesn't perform any checks: when i don't fill in information a can Add this account and i see nothing in de main screen (i do get a code tho), and when i tap edit the Edit-scene is shown, but the Edit-button s greyed out, so i can't go Back. I have to toss the app away and start over.
    - in the main screen i can swipe-delete the empty account so that works
    - when i try the menu there is one item: About. But it doesn't work.

    Then i try the same on my Pre2:
    - the first logo is empty, timer works; the second is a google/gmail logo, the third one (dta3) is a webotp-logo
    - when i now edit a account, the edit-button doesn't take me back. Luckily the back-swipe from a pre works.
    - when i tap new i can enter the secret-field, but on a pre2 i don't have a keyboard that can perform Shift-tab so can can't get in the Identification-box. The Add button stays greyed out and i can't add this. Probably good since i didn't fill in anything, but this is different on the touchpad. The Back button works.

    Hope you can fix this?!

    Maybe you can put your description and Developer-URL from WebOTP | webOS Nation in the About-scene. And also add a Help section in the Menu to describe the idea/working of the app. If you want I can write a suggestion to help...

    Preemptive likes this.
  14.    #15  
    Thank you for your valuable feedback. I realized that some things are not working well even late after posting here and I didn't get to fix them yet. Hopefully today. So take the first version as technology preview

    Rescheduling for later, because of "lower" priority. This is not much handy app for touchpad or landscape.
    - only portrait, please allow landscape

    Fixing:
    - all pre-installed accounts show the webotp-logo
    * on the very first line i can't edit the account (jdoe@example.com) and the service description-field. When i tap the field (base 32) in the Secret-box i can input a secret
    * this scene doesn't perform any checks: when i don't fill in information a can Add this account and i see nothing in de main screen (i do get a code tho), and when i tap edit the Edit-scene is shown, but the Edit-button s greyed out, so i can't go Back. I have to toss the app away and start over.
    - when i try the menu there is one item: About. But it doesn't work.

    ** Removed pre-installed acounts from new installations
    ** fixed problem with editing accounts identification and creating new ones, also the checks - canvas was too large
    ** new scene with few links and short description

    Update will be shortly in homebrew repository, stay tuned.
    poehoes likes this.
  15. #16  
    Hi,

    Very quick response and very good app! Like it very much.

    First retested on Touchpad just by installing version 1.0.1 over version 1.0.0:
    - pre-installed accounts still there, but in this scenario that is good -> see retest Pre2. I disagree that the use for this app is only handy on mobile, all users that only have a touchpad can use your app, and like to use it both ways...
    - menu now has a Edit-item and the About-item, nice ;-)
    the About has a small description, and three links to Support, WebOSNations and Discussion forums (on WebOSnations). All work. Including the emaillink. Little tip: preset a subject like [Question for WebOTP]:
    Then you can put a link in your emailclient to filter/move these emails somewhere...
    - Back-button works
    - Onto the New-function: Now i can tap on email-field and on service description-field. And only after typing a long enough Secret the Add-button becomes active. Back button works, no account added. Advanced fields seem to work, but i have no way to test this any further.
    Add button works, account added. An dwhen you press the picture the clock starts. Very neat
    - Onmto the Edit-function: i can tap and edit email-field and service description-field. No way to change the Secret. Could/may be intended and security wise very safe. The back-button discards changes and the Edit-button confirms the changes. Little remark: since this is a Edit-scene normally a Cancel-button and a OK-button are shown. Not a big deal but this is what users expect. Maybe you should name this scene Edit identification in stead of just identification.

    Now the small retest on the Pre2:
    I deleted the old version and did a fresh install of version 1.0.1.:
    - No preinstalled accounts, and the Help is added in the About so this looks very good.
    - tested all of the above, no other remarks....

    Very good work, this is a keeper
  16. #17  
    Is there a list of services this works with? It might encourage people to try it.

    Any connection or compatibility with this?
    https://www.grc.com/sqrl/sqrl.htm (I can't find a list of services for that either, but it seems like a good idea)

    Downloading...

    Here's one!
    https://www.dropbox.com/help/363

    A list to investigate...
    https://twofactorauth.org/
    Last edited by Preemptive; 06/03/2015 at 07:56 PM.
  17.    #18  
    poehoes: Thank you for extensive comments. I tried to fix most of this. Testing on touchpad will continue as soon as I will reboot
    Preemptive: I have never heard about the first one. It is interesting idea, but I haven't seen any website using it. Not like OTP, which is quite widely used now. The second link is also on project github page.
    Pushing another update with few changes.
  18. #19  
    Quote Originally Posted by Preemptive View Post
    Is there a list of services this works with? It might encourage people to try it.

    Any connection or compatibility with this?
    https://www.grc.com/sqrl/sqrl.htm (I can't find a list of services for that either, but it seems like a good idea)

    Downloading...

    Here's one!
    https://www.dropbox.com/help/363

    A list to investigate...
    https://twofactorauth.org/
    We'll, you don't need Google Authenticator anymore. Freeotp works the same, or should i state 'gives the same results' ;-)

Posting Permissions