I was just reflecting, while moving stuff from my Pixel 2XL to a different Android phone so I can send the former off for a screen repair that OTP is an important mobile functionality since I was using an old app without secret backup
For the Librem I tried suggesting andOTP from FDroid for a port with a donation at Fund Your App but got a 405 error.
What would be your ideal OTP app be on Librem 5? Is there something Linux native that already works? When I went to check it seems desktop Linux OTP applications are thinner on the ground than FOSS Android OTP apps.
I am using pass for storing passwords and TOTP.
I also created a GUI for it, as pass is only a CLI:
Benefit is that it can use a smartcard to encrypt the passwords/TOTP-secrets.
Possible Downside the current TOTP Code ist not displayed but only copied to the clipboard. (Could be Changes in the GUI in the Future)
Don’t use oathtool unless you’re super sure your device isn’t compromised. It takes the key as an argument, which means that all programs can see it with the ps tool (if they check at the right time).
Good point. Although if you mount /proc with hidepid=2, attackers can only access that if they have login access to your user account or root, and in both cases, there are plenty of other exploits they could use to intercept your private key (or a password used to encrypt the key, etc).