This task is to update the suggested 2FA/TOTP applications that are presented to users on Phorge. As of now the named suggestions are the closed-source Google Authenticator and Authy. I'd suggest that the named suggestions be open-source applications only so that members of Phorge communities are prompted to use open-source in as many places as possible. The code for these suggestions can be found in src/applications/auth/factor/PhabricatorTOTPAuthFactor.php, with the functions controlling the texts being:
```php
public function getFactorDescription() {
  return pht(
    'Attach a mobile authenticator application (like Authy '.
    'or Google Authenticator) to your account. When you need to '.
    'authenticate, you will enter a code shown on your phone.');
}

public function getEnrollDescription(
  PhabricatorAuthFactorProvider $provider,
  PhabricatorUser $user) {

  return pht(
    'To add a TOTP factor to your account, you will first need to install '.
    'a mobile authenticator application on your phone. Two applications '.
    'which work well are **Google Authenticator** and **Authy**, but any '.
    'other TOTP application should also work.'.
    "\n\n".
    'If you haven\'t already, download and install a TOTP application on '.
    'your phone now. Once you\'ve launched the application and are ready '.
    'to add a new TOTP code, continue to the next step.');
}
```
I recently updated meta.wikimedia.org/wiki/Help:Two-factor_authentication to highlight open-source 2FA/TOTP options a bit more, with the current suggestions that provide mobile apps now being:
- Aegis (Android, F-Droid)
- 2FAS (Android, iOS)
- Bitwarden Authenticator (Android, iOS)
- FreeOTP (Android, F-Droid, iOS)
- Authenticator (iOS)
Maybe those above or a subset of them could be the new suggestions to users when they're setting up 2FA/TOTP?
Happy to discuss the above!