>TOTP>You have to use (((their))) proprietary cancerous app>can't even export codes
>uses time as a source of uniquenesswhat's stopping me from finding out when you created the request and hacking into your system
>>106455848you should be able to use any 2fa app with totpi use https://f-droid.org/en/packages/com.beemdevelopment.aegis/>Any web service that supports Google Authenticator will also work with Aegis Authenticator.
You know you can set up local TOTP, right?
>>106455848>>106456033does anyone know how to do it with duo? my company requires this faggot software, it's 6 digit codes rotating 30 seconds but it doesn't allow any export.and it's the ONLY totp that i dont have in keepassxc and it's pissing me off i need a separate app just for this ONE login
>>106455892the fucking secret key you faggot
>>106456060OP is a faggot again
>>106455848Should be illegal >>106456033Some apps will not give you anything, just the 2FA result
>>106456033>you should be able to use any 2fa app with totpYou can't with export the cod steam, banking apps, and some cypto exchanging apps.
>>106457707>steamSteam gives you the code and asks you to write it down
>>106457707Apparently the reason Steam uses their own app is because Steam Guard is also used to confirm trades
>>106457754Nigger, you can export it to other 2fa apps.
>>106457776>Have secret >Enter it in program that is compatible
>>106456153figured it out. for anyone in the future that may stumble upon this:>https://github.com/revalo/duo-bypassduo changed the qr so you can't just copy paste it anymore but it's pretty simple, in the duo_activate.py you have to comment out the lines after the imports that parse the url provided in args, and instead hardcode "host" as the api-XXX.duosecurity.com, and the "code" as the final element of the URL path that you get via email (you have to go "add new device" > "duo app" > "i have a tablet" (when it asks for phone number) > "email link")the token to use will be the first line in the file "duotoken.hotp"even tho it says "hotp", if you check response.json and the "use_totp" is set to true, it will be a standard 30 second sha1 totp, just paste the code from duotoken.hotp straight into keepassxc or any other authenticatorfuck these faggots for making using a custom authenticator instead of their shitty app so difficult
>>106455848is op retarded? totp is the best 2fa imo and i haven't found a single website that has totp and doesn't support exporting codes
>>106458206it's 2fa apps that don't support exporting codes, like Duo or Microshit Authenticator. If you were dumb enough to use one of those as your code generator, you're locked in and can't change to a different one.
>>106458409>can't change>sign into thing>setup new 2fa???
>>106455848Microsoft does this, have to have it installed on my phone it's pure cancer might ask for a work phone one day just for this
>>106458894>have MS authenticator>drop phone>breaks>ur fucked because you had no backups, because MS authenticator doesn't allow backups.
