Extracting TOTP keys from a proprietary Android 2FA app

This is an analysis of an early 2010s proprietary Android-based two-factor authentication (2FA) application for a particular cloud service provider – à la Okta, or Microsoft Authenticator. This particular cloud service has been publicly criticised for not supporting industry standard 2FA algorithms such as time-based… »

Guide: Using Okta Verify with third-party TOTP (Google Authenticator, FreeOTP, etc.)

Okta is an identity management and single sign-on cloud provider. Okta supports multi-factor authentication through multiple mechanisms, but at my site, only the proprietary Okta Verify smartphone app was supported.

Thankfully, Okta Verify operates via the ‘industry standard Time-Based, One-Time Password Algorithm (TOTP)’,… »