Moving from Authy to Another 2FA App

Despite the convenience of having Authy’s ability to sync across devices, I decided I wanted to change my 2FA app to Android’s andOTP. To do this (without unenrolling & re-enrolling myself in 2FA for my 50+ services), I needed to find a way to export my secrets from Authy. I did find a few posts on the topic, but didn’t have any luck with those guides. Most seemed to be a variation on the same process of getting the secrets from the Authy Chrome extension.

GitHubGist: Generating Authy passwords on other authenticators

What I did end up finding that finally worked, was to pull the XML containing details on each entry in Authy, thanks to this post: GBATemp: extract your totp keys from authy using chrome:

Good job, this tutorial is great for people who need to extract their keys out of Authy without needing a rooted Android/Jailbroken iPhone to grab them from the mobile app.

For people with rooted Android phones, the totp keys are stored here:
/data/data/com.authy.authy/shared_prefs/com.authy.storage.tokens.authenticator.xml

The filepath is what I was looking for

In the past, when I was using Google Authenticator, you had the ability to pull the database from the Android app, assuming you were rooted. The above process seems to be similar, just for the Authy app, instead of Google Authenticator: /data/data/com.google.android.apps.authenticator2/databases/databases.

This post is for my own reference, & for anyone else that may want to move from Authy, to another authenticator app.

Scammers Using Microsoft’s Support Site

I just came across this video (posted yesterday), where scammers are leveraging Microsoft’s legitimate support site at https://support.microsoft.com/help. This was after I received a fake Microsoft support call. Unfortunately, I didn’t have a dummy VM ready to waste their time, but glad I found out about the use of Microsoft’s site. Because Microsoft uses LogMeIn, their support site seems to just forward the code to LogMeIn to start the session.

See the video below for how the site is used:

ANOTHER GOOD article about passwords

Very glad to see another post by a site, giving good information on handling passwords, security question answers, & the recommendation to use password managers. I last had a post about this in July, when Dreamhost also put out a good article about creating strong passwords for account security. The link to that article is below as well.

Lifehacker: Use Your Password Manager for Security Answers, Too

Dreamhost: How to Create Strong Passwords to Keep Your Website Safe

Linux on Samsung Galaxy TabPro S

I have picked ap a Galaxy TabPro S a year or two ago, but didn’t end up using it much since it was running Windows. I had always planned to try out Linux on it, but never got around to it until now. I installed Xubuntu, just to have a light OS, & the only issue is related to getting wireless working. It is however a quick fix:

GitHub: infernix/samsung_tabpro_s

Just need to clear the contents of /lib/firmware/ath10k/QCA6174/hw3.0/*, & then place the two files from the GitHub repo. After a reboot, wireless was working with no additional changes needed.

Xubuntu booting on my Samsung Galaxy TabPro S

De-google-ify Internet

Found this site on https://lobste.rs. Has so great, open alternatives to proprietary services: FramasoftDe-google-ify Internet.

The Framasoft web site also seems to have some great information on this topic as well.

A network dedicated to globally promoting “free” and particularly free software.
Many services and innovative projects freely put at the disposal of the general public.
A community of volunteers supported by a public interest association.
An invitation to build together a world of sharing and cooperation.