by waldfee 2807 days ago
Blizzard also has their own stuff. OATH for everything would make things so much easier. I cannot understand why they won't simply do that.

What I have a problem with in regards to account recovery options is that some services require you to also have enabled SMS-based 2FA in addition to TOTP or similar as a fallback. That defeats the whole purpose of non-GSM-based 2FA. The whole construct is as insecure as SMS-based alone; the TOTP part is entirely useless. At least make it optional if you think some users need it.


FWIW Blizzard is 8-digit TOTP, they just don't make it obvious/easy to use your own stuff.

Here's a command line tool I wrote that will generate a TOTP authenticator for you, with QR, base32 secret, etc:

https://github.com/jleclanche/python-bna

You can use it with andOTP, KeepassXC, 1Password etc.

Hey Jerome! Nice utility, but you may want to point people to andOTP (at least for Android devices), it's maintained (FreeOTP is unmaintained, I think) and much more featureful:

https://play.google.com/store/apps/details?id=org.shadowice....

If anyone is looking to test out their own impl or a third party, this web-based JS impl allows you to set up and test with a secret and a 6-digit OTP.

https://github.com/inversoft/prime-two-factor/tree/master/we...

Updated. :)
nice, thank you