Skip to content
This repository has been archived by the owner. It is now read-only.

[Dev] Is Winauth supposed to be considered already as abandonware? #621

Open
Porgi opened this Issue May 2, 2018 · 14 comments

Comments

Projects
None yet
8 participants
@Porgi
Copy link

Porgi commented May 2, 2018

Winauth.com domain is dead end (bad configuration in CloudFlare?)
Last commit was 6 months ago and lot of unclosed issues.
Winauth looks now like software under code freeze but for me it looks more like abandonware.
@winauth thoughts?
Also c1be966 shows clearly that all bug reporting was removed as well as domain was removed from code.

@winauth

This comment has been minimized.

Copy link
Owner

winauth commented May 2, 2018

Unfortunately, it's pretty much dead. Although many people still use it daily, including me, it really has reached the end of its life and needs significant updating. I just don't have time to work on it any more let alone rewrite it.

Everything was moved under github so the winauth.com domain could be taken down and not be a dependency.

@Porgi

This comment has been minimized.

Copy link
Author

Porgi commented May 3, 2018

Notifying users either by README.md, either by repo description would help users understand that support by original author will not be available due to reasons.
Closing all issues and changing repo to read-only would be the best way as there will be no new issues opened and users will get a banner that clearly states this repo is not modified. If for some reason you wanted to resume developing winauth, you can always turn off read-only mode.
Cheers.

@Roland80

This comment has been minimized.

Copy link

Roland80 commented May 4, 2018

It's a shame, but understandable. Are there any alternatives that we should look at?

@beerisgood

This comment has been minimized.

Copy link

beerisgood commented May 17, 2018

Thats realy sad! So we only can use now KeePass XC which have OTP included or we use https://authy.com
Bad.

Edit: While authy is opensource, their website isnt privacy friendly: https://webbkoll.dataskydd.net/en/results?url=http%3A%2F%2Fauthy.com%2F
And the windows binary is just provided over Amazon server, without any checksum nor GPG.sig

@beerisgood

This comment has been minimized.

Copy link

beerisgood commented May 19, 2018

@winauth which 2FA program (beside yours) did you recommend for windows?

@Bruno-Brant

This comment has been minimized.

Copy link

Bruno-Brant commented Jun 5, 2018

Why not let someone take over?

@Porgi

This comment has been minimized.

Copy link
Author

Porgi commented Jun 8, 2018

@Roland80 @beerisgood
If you accept security bugs and no new features there is no reason to switch to something else. There is a lot of software still used even when it reached abandonware stage.
If you don't want to accept that, you might want to consider using Yubico Authenticator

@beerisgood In case of Authy as long as keys are stored somewhere in "cloud" or else, this type of authentication should be considered as not secure.

@beerisgood

This comment has been minimized.

Copy link

beerisgood commented Jun 8, 2018

I thing i switch to andOTP from F-Droid which also have QR-Code Support.

@Porgi: yeah. i dont trust Authy

@Porgi

This comment has been minimized.

Copy link
Author

Porgi commented Jun 9, 2018

@beerisgood I'm using FreeOTP on Android which also have QR code support
https://freeotp.github.io/

@wildsprite

This comment has been minimized.

Copy link

wildsprite commented Aug 15, 2018

I would rather not move to another authenticator, none of them have all of the features this one has. it is only missing one authenticator I use but I'm not sure how easy it would be to emulate the Square Enix Software Token. I recommend winauth to everyone that would use the google authenticator. I really hope someone else takes up this project

@Jon-guy30

This comment has been minimized.

Copy link

Jon-guy30 commented Aug 26, 2018

Just discovered WinAuth a few days ago. Really cool program! A shame there won't be updates any more. I have enabled 2FA on multiple accounts already, I like that you can really harden your accounts with this, like locking them on a specific computer or specific user only.

Btw, I have keepassxc, I could use that as an authentication solution. Also can I ask an off-topic question?

How do I add an account not on the list of supported services? I see an "import" button and it looks for xml files, could anyone please tell me how to use that feature? I don't see it in the documentation.

Thanks!

@winauth

This comment has been minimized.

Copy link
Owner

winauth commented Aug 27, 2018

How do I add an account not on the list of supported services? I see an "import" button and it looks for xml files, could anyone please tell me how to use that feature? I don't see it in the documentation.

Depends on the service. You can click Add and in the first field enter a KeyUri format (see https://github.com/google/google-authenticator/wiki/Key-Uri-Format) or put into into a text file and Import it.

Otherwise, it depends on the other service as to if it can be added.

@Jnchi

This comment has been minimized.

Copy link

Jnchi commented Jan 11, 2019

@winauth which 2FA program (beside yours) did you recommend for windows?

KeyPassXC is cross-platform continuation of keepass, and it supports OTP as well.

Just my two cents.

@beerisgood

This comment has been minimized.

Copy link

beerisgood commented Jan 11, 2019

@winauth which 2FA program (beside yours) did you recommend for windows?

KeyPassXC is cross-platform continuation of keepass, and it supports OTP as well.

I guess you mean KeePassXC instead of "KeyPassXC" ?
Anyway i switch to andOTP from F-Droid (Android) which is much better.

Also i like the original KeePass more then KeePass XC

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.