Skip to content
This repository has been archived by the owner. It is now read-only.

[Dev] Is Winauth supposed to be considered already as abandonware? #621

Open
Porgi opened this issue May 2, 2018 · 14 comments
Open

[Dev] Is Winauth supposed to be considered already as abandonware? #621

Porgi opened this issue May 2, 2018 · 14 comments

Comments

@Porgi
Copy link

@Porgi Porgi commented May 2, 2018

Winauth.com domain is dead end (bad configuration in CloudFlare?)
Last commit was 6 months ago and lot of unclosed issues.
Winauth looks now like software under code freeze but for me it looks more like abandonware.
@winauth thoughts?
Also c1be966 shows clearly that all bug reporting was removed as well as domain was removed from code.

@winauth
Copy link
Owner

@winauth winauth commented May 2, 2018

Unfortunately, it's pretty much dead. Although many people still use it daily, including me, it really has reached the end of its life and needs significant updating. I just don't have time to work on it any more let alone rewrite it.

Everything was moved under github so the winauth.com domain could be taken down and not be a dependency.

@Porgi
Copy link
Author

@Porgi Porgi commented May 3, 2018

Notifying users either by README.md, either by repo description would help users understand that support by original author will not be available due to reasons.
Closing all issues and changing repo to read-only would be the best way as there will be no new issues opened and users will get a banner that clearly states this repo is not modified. If for some reason you wanted to resume developing winauth, you can always turn off read-only mode.
Cheers.

@Roland80
Copy link

@Roland80 Roland80 commented May 4, 2018

It's a shame, but understandable. Are there any alternatives that we should look at?

@beerisgood
Copy link

@beerisgood beerisgood commented May 17, 2018

Thats realy sad! So we only can use now KeePass XC which have OTP included or we use https://authy.com
Bad.

Edit: While authy is opensource, their website isnt privacy friendly: https://webbkoll.dataskydd.net/en/results?url=http%3A%2F%2Fauthy.com%2F
And the windows binary is just provided over Amazon server, without any checksum nor GPG.sig

@beerisgood
Copy link

@beerisgood beerisgood commented May 19, 2018

@winauth which 2FA program (beside yours) did you recommend for windows?

@bruno-brant
Copy link

@bruno-brant bruno-brant commented Jun 5, 2018

Why not let someone take over?

@Porgi
Copy link
Author

@Porgi Porgi commented Jun 8, 2018

@Roland80 @beerisgood
If you accept security bugs and no new features there is no reason to switch to something else. There is a lot of software still used even when it reached abandonware stage.
If you don't want to accept that, you might want to consider using Yubico Authenticator

@beerisgood In case of Authy as long as keys are stored somewhere in "cloud" or else, this type of authentication should be considered as not secure.

@beerisgood
Copy link

@beerisgood beerisgood commented Jun 8, 2018

I thing i switch to andOTP from F-Droid which also have QR-Code Support.

@Porgi: yeah. i dont trust Authy

@Porgi
Copy link
Author

@Porgi Porgi commented Jun 9, 2018

@beerisgood I'm using FreeOTP on Android which also have QR code support
https://freeotp.github.io/

@wildsprite
Copy link

@wildsprite wildsprite commented Aug 15, 2018

I would rather not move to another authenticator, none of them have all of the features this one has. it is only missing one authenticator I use but I'm not sure how easy it would be to emulate the Square Enix Software Token. I recommend winauth to everyone that would use the google authenticator. I really hope someone else takes up this project

@Jon-guy30
Copy link

@Jon-guy30 Jon-guy30 commented Aug 26, 2018

Just discovered WinAuth a few days ago. Really cool program! A shame there won't be updates any more. I have enabled 2FA on multiple accounts already, I like that you can really harden your accounts with this, like locking them on a specific computer or specific user only.

Btw, I have keepassxc, I could use that as an authentication solution. Also can I ask an off-topic question?

How do I add an account not on the list of supported services? I see an "import" button and it looks for xml files, could anyone please tell me how to use that feature? I don't see it in the documentation.

Thanks!

@winauth
Copy link
Owner

@winauth winauth commented Aug 27, 2018

How do I add an account not on the list of supported services? I see an "import" button and it looks for xml files, could anyone please tell me how to use that feature? I don't see it in the documentation.

Depends on the service. You can click Add and in the first field enter a KeyUri format (see https://github.com/google/google-authenticator/wiki/Key-Uri-Format) or put into into a text file and Import it.

Otherwise, it depends on the other service as to if it can be added.

@Jnchi
Copy link

@Jnchi Jnchi commented Jan 11, 2019

@winauth which 2FA program (beside yours) did you recommend for windows?

KeyPassXC is cross-platform continuation of keepass, and it supports OTP as well.

Just my two cents.

@beerisgood
Copy link

@beerisgood beerisgood commented Jan 11, 2019

@winauth which 2FA program (beside yours) did you recommend for windows?

KeyPassXC is cross-platform continuation of keepass, and it supports OTP as well.

I guess you mean KeePassXC instead of "KeyPassXC" ?
Anyway i switch to andOTP from F-Droid (Android) which is much better.

Also i like the original KeePass more then KeePass XC

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
8 participants
You can’t perform that action at this time.