[Dev] Is Winauth supposed to be considered already as abandonware?

[Porgi]

Winauth.com domain is dead end (bad configuration in CloudFlare?)
Last commit was 6 months ago and lot of unclosed issues.
Winauth looks now like software under code freeze but for me it looks more like abandonware.
@winauth thoughts?
Also c1be966 shows clearly that all bug reporting was removed as well as domain was removed from code.

[winauth]

Unfortunately, it's pretty much dead. Although many people still use it daily, including me, it really has reached the end of its life and needs significant updating. I just don't have time to work on it any more let alone rewrite it.

Everything was moved under github so the winauth.com domain could be taken down and not be a dependency.

[Porgi]

Notifying users either by README.md, either by repo description would help users understand that support by original author will not be available due to reasons.
Closing all issues and changing repo to read-only would be the best way as there will be no new issues opened and users will get a banner that clearly states this repo is not modified. If for some reason you wanted to resume developing winauth, you can always turn off read-only mode.
Cheers.

[Roland80]

It's a shame, but understandable. Are there any alternatives that we should look at?

[beerisgood]

Thats realy sad! So we only can use now KeePass XC which have OTP included or we use https://authy.com
Bad.

Edit: While authy is opensource, their website isnt privacy friendly: https://webbkoll.dataskydd.net/en/results?url=http%3A%2F%2Fauthy.com%2F
And the windows binary is just provided over Amazon server, without any checksum nor GPG.sig

[beerisgood]

@winauth which 2FA program (beside yours) did you recommend for windows?

[Bruno-Brant]

Why not let someone take over?

[Porgi]

@Roland80 @beerisgood
If you accept security bugs and no new features there is no reason to switch to something else. There is a lot of software still used even when it reached abandonware stage.
If you don't want to accept that, you might want to consider using Yubico Authenticator

@beerisgood In case of Authy as long as keys are stored somewhere in "cloud" or else, this type of authentication should be considered as not secure.

[beerisgood]

I thing i switch to andOTP from F-Droid which also have QR-Code Support.

@Porgi: yeah. i dont trust Authy

[Porgi]

@beerisgood I'm using FreeOTP on Android which also have QR code support
https://freeotp.github.io/

[wildsprite]

I would rather not move to another authenticator, none of them have all of the features this one has. it is only missing one authenticator I use but I'm not sure how easy it would be to emulate the Square Enix Software Token. I recommend winauth to everyone that would use the google authenticator. I really hope someone else takes up this project

[Jon-guy30]

Just discovered WinAuth a few days ago. Really cool program! A shame there won't be updates any more. I have enabled 2FA on multiple accounts already, I like that you can really harden your accounts with this, like locking them on a specific computer or specific user only.

Btw, I have keepassxc, I could use that as an authentication solution. Also can I ask an off-topic question?

How do I add an account not on the list of supported services? I see an "import" button and it looks for xml files, could anyone please tell me how to use that feature? I don't see it in the documentation.

Thanks!

[winauth]

How do I add an account not on the list of supported services? I see an "import" button and it looks for xml files, could anyone please tell me how to use that feature? I don't see it in the documentation.

Depends on the service. You can click Add and in the first field enter a KeyUri format (see https://github.com/google/google-authenticator/wiki/Key-Uri-Format) or put into into a text file and Import it.

Otherwise, it depends on the other service as to if it can be added.

[Jnchi]

@winauth which 2FA program (beside yours) did you recommend for windows?

KeyPassXC is cross-platform continuation of keepass, and it supports OTP as well.

Just my two cents.

[beerisgood]

@winauth which 2FA program (beside yours) did you recommend for windows?

KeyPassXC is cross-platform continuation of keepass, and it supports OTP as well.

I guess you mean KeePassXC instead of "KeyPassXC" ?
Anyway i switch to andOTP from F-Droid (Android) which is much better.

Also i like the original KeePass more then KeePass XC