From Authy to Yhtua
Hey all,
The other day (2 years ago) I was talking about my transition from Google Authenticator to Authy here, with all the advantages Authy brought: ease of use, the convenience of getting your 2FA code right from your desktop, multi-device support, etc.
This was great, but all good things come to an end, and that was basically what the email Twilio recently sent to its users said.
That was the start of my search for an alternative. There are some, but they did not fit all my needs. I mainly work on macOS or Linux, sometimes getting on Windows just for gaming. My main goal was pretty much to get the exact same experience across all of my devices, which means all the software I use must be cross-platform, at least macOS + Linux. I did some investigation and found the following:
These were a bunch of options, but none ticked all of my criteria. I was not a big fan of ente auth since, if I'm right, they ask you to create an account (I know I had to link my Authy to my phone number), but I did not like the onboarding so I did not go further. The others, 2FAS and Aegis, did not have a desktop app or an app that fit my needs. Bitwarden was the best candidate, as I already use it as my password manager and it has OTP support, but first of all, if I'm not mistaken, you have to get the first plan for OTP support, and I'm also not a fan of combining my password manager with my OTP, so this was a no-go. There was also the Vaultwarden solution if I didn't want to get a plan, but it does not solve the fact that both my password manager and my 2FA OTP would live in the same app.
Then I dug a little into how that OTP thing works, and I stumbled on the following npm packages:
I chose otpauth; that was the one that fit my needs. However, it blew my mind 🤯 and I wondered why there were not that many OTP token managers out there. Then I said, why not recreate Authy myself using Tauri, an Electron alternative where you can embed a web app to create a cross-platform app? It's Rust-based and seems to work well. Tauri also gives you an API for system access; it works around permissions etc., the same way it works in mobile development. I had heard about Tauri but never really had an idea or the opportunity to work with it, so this was the opportunity.
I did my own research, and a couple of days later I had this little side project to build.
My stack:
- Tauri: my cross-platform app creator (Linux/macOS/Windows)
- Nuxt.js: my framework to craft a multipage app without the hassle of routing and with a great DX
- Zustand as my state manager
- Zod for fields and schema validation
- Tailwind CSS + Tailwind UI for UI
- otpauth as OTP lib
Then Yhtua 🔓 was born
Yhtua is an open source and free desktop application and Authy alternative designed to provide secure and convenient two-factor authentication (2FA) management.
Yhtua comes with the following built-in features:
- You can add OTP tokens from their secret (6/7/8 digits support)
- You can import your previously exported tokens (from another computer)
- You can export your tokens
What's next for the future?
I did not want an overly complex "add a new 2FA token" form for an MVP, but I'd like to let (advanced) users change the algorithm of their tokens and also perhaps support HOTP (HMAC-based one-time password). I know I can do it with the lib and that it's just a matter of parameters. The token schema can handle it.
Also, I'm open to contributions. I haven't had the time to write a contribution guideline markdown, but I'm definitely open to that 😄.
I hope you enjoy my article about Yhtua and I hope you'll use it.
Enjoy