[docs] Enteception (#1408)

Add FAQ about storing Ente 2FA in Ente Auth.
Manav Rathi 2024-04-11 09:28:16 +05:30 committed by GitHub
commit 6079ebbc05
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 85 additions and 16 deletions

@ -139,7 +139,17 @@ export const sidebar = [
text: "Auth", text: "Auth",
items: [ items: [
{ text: "Introduction", link: "/auth/" }, { text: "Introduction", link: "/auth/" },
{ text: "FAQ", link: "/auth/faq/" }, {
text: "FAQ",
collapsed: true,
items: [
{ text: "General", link: "/auth/faq/" },
{
text: "Enteception",
link: "/auth/faq/enteception/",
},
],
},
{ {
text: "Migration", text: "Migration",
collapsed: true, collapsed: true,
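
Review bot: With "FAQ" turned into a group that has `collapsed: true` and no `link` of its own, the new "Enteception" entry is hidden in the sidebar until the reader expands the group, and the former one-click path to /auth/faq/ now goes through "General". This matches the collapsed "Migration" group below it, but for a two-item group consider leaving it expanded so the lockout guidance is visible by default.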

@ -0,0 +1,51 @@
---
title: Enteception
description: Using Ente Auth to store 2FA for your Ente account
---
# Enteception
Your 2FA codes are in Ente Auth, but if you enable 2FA for your Ente account
itself, where should the 2FA for your Ente account be stored?
There are multiple answers, none of which are better or worse, they just depend
on your situation and risk tolerance.
If you are using the same account for both Ente Photos and Ente Auth and have
enabled 2FA from the ente Photos app, we recommend that you ensure you store
your recovery key in a safe place (writing it down on a paper is a good idea).
This key can be used to bypass Ente 2FA in case you are locked out.
Another option is to use a separate account for Ente Auth.
Also, taking exporting the encrypted backup is also another good way to reduce
the risk (you can easily import the encrypted backup without signing in).
Finally, we have on our roadmap some features like adding support for
emergency/legacy-contacts, passkeys, and hardware security keys. Beyond other
benefits, all of these would further reduce the risk of users getting locked out
of their accounts.
## Email verification for Ente Auth
There is a related ouroboros scenario where if email verification is enabled in
the Ente Auth app _and_ the 2FA for your email provider is stored in Ente Auth,
then you might need a code from your email to log into Ente Auth, but to log
into your email you needed the Auth code.
To prevent people from accidentally locking themselves out this way, email
verification is disabled by default in the auth app. We also try to show a
warning when you try to enable email verification in the auth app:
<div align="center">
![Warning shown when enabling 2FA in Ente Auth](warning.png){width=400px}
</div>
The solution here are the same as the Ente-in-Ente case.
## TL;DR;
Ideally, you should **note down your recovery key in a safe place (may be on a
paper)**, using which you will be able to by-pass the two factor.
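
Review bot: The new page has wording defects that should be fixed before merge: "Also, taking exporting the encrypted backup is also another good way" has a stray "taking" and a doubled "also", "The solution here are the same" needs subject and verb to agree, and the image alt text says "enabling 2FA in Ente Auth" while the paragraph it illustrates is about enabling email verification. On content, the page states that the recovery key "can be used to bypass Ente 2FA", so it is worth one more sentence saying the key should be kept somewhere other than the account it unlocks, and the one-line "Another option is to use a separate account for Ente Auth" needs a sentence on why that breaks the loop. Minor: the heading "TL;DR;" has a trailing semicolon, and "ente Photos app" is lowercase where the rest of the page writes "Ente".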

Binary file not shown.

Size: 516 KiB

@ -33,15 +33,20 @@ You can enable FaceID lock under Settings → Security → Lockscreen.
Please verify that the time on both your mobile and desktop is same. Please verify that the time on both your mobile and desktop is same.
### Does ente Authenticator require an account? ### Does ente Authenticator require an account?
Answer: No, ente Authenticator does not require an account. You can choose to use the app without backups if you prefer.
### Can I use the Ente 2FA app on multiple devices and sync them? Answer: No, ente Authenticator does not require an account. You can choose to
use the app without backups if you prefer.
Yes, you can download the Ente app on multiple devices and sync the codes, end-to-end encrypted. ### Can I use the Ente 2FA app on multiple devices and sync them?
Yes, you can download the Ente app on multiple devices and sync the codes,
end-to-end encrypted.
### What does it mean when I receive a message saying my current device is not powerful enough to verify my password? ### What does it mean when I receive a message saying my current device is not powerful enough to verify my password?
This means that the parameters that were used to derive your master-key on your original device, are incompatible with your current device (likely because it's less powerful). This means that the parameters that were used to derive your master-key on your
original device, are incompatible with your current device (likely because it's
If you recover your account via your current device and reset the password, it will re-generate a key that will be compatible on both devices. less powerful).
If you recover your account via your current device and reset the password, it
will re-generate a key that will be compatible on both devices.
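
Review bot: The product is named three different ways in the lines touched here ("ente Authenticator", "the Ente 2FA app", "the Ente app"), and only the first answer carries an "Answer:" prefix; since these lines are being rewrapped anyway, normalise the name to "Ente Auth" as the new Enteception page does and drop the prefix. The rewrap is also unrelated to the commit subject ("Add FAQ about storing Ente 2FA in Ente Auth") and would be easier to review as a separate formatting commit.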

@ -110,11 +110,12 @@ or "dog playing at the beach".
Check the sections within the upload progress bar for "Failed Uploads," "Ignored Check the sections within the upload progress bar for "Failed Uploads," "Ignored
Uploads," and "Unsuccessful Uploads." Uploads," and "Unsuccessful Uploads."
## How do i keep NAS and Ente photos synced? ## How do i keep NAS and Ente photos synced?
Please try using our CLI to pull data into your NAS https://github.com/ente-io/ente/tree/main/cli#readme . Please try using our CLI to pull data into your NAS
https://github.com/ente-io/ente/tree/main/cli#readme .
## Is there a way to view all albums on the map view? ## Is there a way to view all albums on the map view?
Currently, the Ente mobile app allows you to see a map view of all the albums by clicking on "Your map" under "Locations" on the search screen. Currently, the Ente mobile app allows you to see a map view of all the albums by
clicking on "Your map" under "Locations" on the search screen.
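
Review bot: The rewrapped NAS answer still ends with a bare URL followed by " ." (a space before the full stop); turn it into a Markdown link in the same style as the "[CLI tool](...)" link in the export page. While the section is being touched, capitalise the "i" in the heading "How do i keep NAS and Ente photos synced?".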

@ -81,7 +81,9 @@ and is never sent to our servers.
Please note that only users on the paid plan are allowed to share albums. The Please note that only users on the paid plan are allowed to share albums. The
receiver just needs a free Ente account. receiver just needs a free Ente account.
## Has the Ente Photos app been audited by a credible source? ## Has the Ente Photos app been audited by a credible source?
Yes, Ente Photos has undergone a thorough security audit conducted by Cure53, in collaboration with Symbolic Software. Cure53 is a prominent German cybersecurity firm, while Symbolic Software specializes in applied cryptography. Please find the full report here: https://ente.io/blog/cryptography-audit/ Yes, Ente Photos has undergone a thorough security audit conducted by Cure53, in
collaboration with Symbolic Software. Cure53 is a prominent German cybersecurity
firm, while Symbolic Software specializes in applied cryptography. Please find
the full report here: https://ente.io/blog/cryptography-audit/
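
Review bot: The audit answer names Cure53 and Symbolic Software but gives no date or scope for the audit, so a reader cannot judge how current the claim is without following the link; add the year and what was covered. The answer also ends on a bare URL with no closing punctuation, which would read better as a Markdown link.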

@ -64,6 +64,6 @@ data reflects the latest album states with new files, moves, and deletions.
If you run into any issues during your data export, please reach out to If you run into any issues during your data export, please reach out to
[support@ente.io](mailto:support@ente.io) and we will be happy to help you! [support@ente.io](mailto:support@ente.io) and we will be happy to help you!
Note that we also provide a [CLI Note that we also provide a
tool](https://github.com/ente-io/ente/tree/main/cli#export) to export your data. [CLI tool](https://github.com/ente-io/ente/tree/main/cli#export) to export your
Please find more details [here](/photos/faq/export). data. Please find more details [here](/photos/faq/export).
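
Review bot: The link text "here" in "Please find more details [here](/photos/faq/export)" says nothing about its target; use descriptive text such as "the export FAQ" so the link is meaningful out of context, as the "[CLI tool](...)" link in the same paragraph already is.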