alt Hacker NewsIs there a "platform authenticator" that allows import/export of the actual origin site, keypair, and credential id in plaintext? The next would be a variety of platform authenticators able to import and use those?
I don't want vendor lockin and I don't want proprietary third party cloud based backup/recovery.
Today with totp, I store the plaintext otpauth url and I can use oathtool to spit out codes when needed on my desktop. My phone has aegis, but I don't use any cloud based backup/recovery. I switched from Google Authenticator after they implemented their cloud based syncing to google.
Replies
Some open source password managers provide this, but the general industry is working on a way to transfer between hosts without having to dump everything out in plain text in between.
KeepassXC allows this, but the spec authors think this is bad and have threatened KeepassXC with being banned by authenticating websites. The spec has explicit support for banning clients built in. https://github.com/keepassxreboot/keepassxc/issues/10407