2factorauth / twofactorauth Goto Github PK

With SMS. They may also have custom stuff for Android and iThingy by the looks of it.

Supports 2FA via SMS.

The site says:
The Security Key is currently not available. Please try again later.

A domain registrar that supports 2FA.

The current category system doesn't really cover the breadth of larger cross functional authentication systems such as Google and Microsoft. For example, should G+, Blogger and Gmail be separate systems or group in some other way? As they all rely on Google's 2FA solution when enabled.

Same is true of Microsoft, but how that exactly works for each property is a little inconsistent.

https://evernote.com/evernote/guide/mac/#11

Apparently if you call up fidelity they will set up a Symantec VIP token for you: http://thefinancebuff.com/security-token-fidelity-schwab-etrade.html

Not sure you want to handle that since it's not publicly documented anywhere official, so I filed an issue rather than just adding it myself :)

Now the list is growing longer and longer, perhaps it's worth refactoring main.yml into multiple files for each category or maybe even each entry?
That will make it easier for people to contribute changes without having to constantly resync with upstream...

If you sign into Skype with your Microsoft account, and your Microsoft account has 2 factor auth turned on, then Skype supports it. Most likely over time, Skype accounts will be deprecated and Skype will only support Microsoft accounts. I think at least on your site there should be an * with this note

Bank of America supports a custom 2FA, where they mail you a physical token, which they call SafePass.
As part of Bank of America but a separate site and entity, Merrill Lynch also has 2FA.

They use a custom authentication app

I was directed to this website by @OriginInsider: http://help.ea.com/en/article/origin-login-verification-information/

Doesn't appear to be listed. Doesn't support 2FA AFAIK

Teamviewer.com supports 2fa with Google Auth, Authy and others: https://www.teamviewer.com/en/help/399-Welche-Apps-kann-ich-verwenden-um-einen-Sicherheitscode-f-uuml-r-die-Zwei-Faktor-Authentifizierung-zu-erstellen.aspx (no idea why they have that on a german link...)

i'm new to this whole Github thing, so if anyone could add it, that would be nice.

There are other things to 2FA that would be nice to visualize:

• One time passwords (Backup Codes)
• Backup phones (how many phones?)
• App specific codes

I wouldn't want to clutter the main view so there could be two detail modes: Simple and Advanced or something like that.

Phone callback, as offered by Google, is a great method of 2FA, and deserves its own column in the tables so you can easily see what services offer it.

Dropbox and Digital Ocean support Authy, I use it for 2FA on both services.

Supports 2FA with Authy
https://dnsimple.com/security

twitter SMS doesnt work german d1 network (t-mobile)

At least, that's how I login to their site and apps.

As per the reddit thread: http://www.reddit.com/r/technology/comments/20mphz/twofactorauthorg_a_list_of_sites_and_whether_or/cg4ryqp

This site says that Amazon has no 2FA. This isn't true.

Amazon supports 2FA in IAM on Amazon AWS.

If you've enabled it there, you'll also get asked for 2FA on user accounts.

I think the Amazon issue needs to be greatly clarified.

They don't support two factor but they do hold all of your personal financial information.

https://ttlc.intuit.com/questions/2060465-two-factor-authentication is a joke.

Both Google Authenticator and Authy implement the same algorithm TOTP. See: http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm

The only difference is GA tends to use 6-digit tokens and Authy uses 8-digit tokens. Same algorithm, same implementation.

More importantly, there are lot of other TOTP apps & services that work great (in some cases better) and are deployed at large organizations, like Duo: https://www.duosecurity.com/

Many of the people using those other great 2FA services won't know what "Google Auth" or "Authy" mean, when in reality, those apps & services work just fine with all the things on this list.

Maybe a more appropriate heading would be "TOTP" and the values could be 6 digits, 8 digits, or 6-8 digits, depending on the service?

Missing kraken bitcoin exchange.

http://twofactorauth.org/ does not have a favicon. :)
Which causes each page load to generate 2 404 requests.

A suggestion would be an rss feed so people could stay on top of the new services as they are added. (or some other notification method)

Which costs 30$ and is a physical thingie.
My account is Israeli, so it's possible it's related...

As per the reddit comment: http://www.reddit.com/r/technology/comments/20mphz/twofactorauthorg_a_list_of_sites_and_whether_or/cg4skyi

Would there be sense to add an option paper codes based for two-factor (HOTP: An HMAC-Based One-Time Password Algorithm)? E.g. you print / receive by mail a set of one-time codes which you need to enter for two-factor actions. Maybe an icon to custom column?

All banks in Scandinavia use this (probably a requirement by regulation).

LocalBitcoins does this: https://localbitcoins.com/forums/#!/general-discussion#paper-codes-based-two-facto

This works everywhere (no smartphone needed) and is resilent against mobile malware attacks where your two-factor SMS is hijacked: http://blog.kaspersky.com/an-android-that-robbed-your-bank-account/

However I don't know how popular paper codes are around the globe.

Related Python project which does both Google Authenticator and paper codes based two-factor: https://github.com/miohtama/django-twofactor

When I added the additional links for Blizzard in PR #75 I added a link for their app on Blackberry's AppWorld but there does not appear to be a corresponding icon for it on the live site. I was going to add one myself but I can't seem to find where to add that in the repo.

While scrolling down the page I saw no services that have WP, Android, and iOS and a physical token available. It's usually or.

Wait, I'm pretty sure Blizzard does. I was just about to add it and after a few moments of googling, I realize this:

All the links to Blizzard's store to purchase the authenticator are dead. It's still supported but a link to purchase one isn't available.

Any thoughts? Should this be added at all? If so, what should it link to?

Right now I'm using Semantic UI. It works pretty well but the default responsiveness is a bit wonky. It should look better on mobile devices.

Coinbase supports:

• authy
• google authenticator
• SMS

I had difficulty finding docs for coinbase 2fa tho.

This would probably go under the custom category, but Schwab supports 2FA by way of hardware security tokens which may be requested for free.

http://www.schwab.com/public/schwab/nn/legal_compliance/schwabsafe/protect_your_account

This would help save the eyes of high-DPI screen users like the Retina Macbook pro from seeing pixelated icons.

As per http://feedback.rackspace.com/forums/71021-product-feedback/suggestions/1633921-please-provide-2-factor-access-for-the-management it appears that Rackspace is working on a two factor auth and users can send a request for early access.

The custom field currently displays a big red X if the service does not provide a custom 2fa solution. However, it shouldn't be considered a negative, as google auth, sms and authy support is Good Enough™.

I propose that the custom field be blank if N/A or otherwise more neutral.

Cloud hosting provider that does NOT support 2FA.

I'm not sure if this is by design or not, but it confused me at first. Currently a sections icon appears after the section it relates to.

If this is by design, just ignore this.

Since it's a standard with widespread support across many clients and servers: http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm

Twitter search only goes back so far, It'd be powerful to have a page that was the twitter avatars of everyone who pressed the button that link to their tweet.

As per this Tweet: https://twitter.com/ChrisChiera/status/445586390185955328

In smaller resolutions, the navbar can overlap onto some of the content.

As per this reddit comment: http://www.reddit.com/r/technology/comments/20mphz/twofactorauthorg_a_list_of_sites_and_whether_or/cg4subq