[2fa] Migrating from 1.0.0 to 1.1.0

truebreaker

Unlocking 2fa has changed in 1.1.0. Here are the main changes you should be aware of.

If you had Automatic Backups enabled, you will be prompted to enter a passphrase in order to unlock the app. Your unlock passphrase is now your Automatic Backups passphrase. Once correctly entered, all your accounts should appear.
If you had Automatic Backups disabled, you will be prompted to redo setup. If you had biometrics disabled, upon completion all your accounts should appear. This is not the case when biometrics are enabled; you will have to import your accounts upon completion from a previously exported backup (export.2fa).
Non-authenticated unlock no longer exists.
Automatic Backups have been replaced with Passphrase Unlock.
Every once in a while, when using biometric unlock, you will have to enter your passphrase, and sometimes it will be the only way to unlock the app. You will also be prompted to "Confirm Biometrics" in order to re-establish them, otherwise they will be disabled.

Q: I can’t remember my Automatic Backups passphrase. What do I do?

You are provided with the 1.900.0-ephemeral version below to unlock the app. This APK won’t receive any updates, and you must export your accounts upon unlock, then delete it, reinstall the appropriate version, and import your accounts. This will work as long as none of the keys were invalidated.

Q: I’m not updating from version 1.0.0. What do I do?

If for whatever reason unlocking the app wasn’t possible, you should message us directly on Discord, Codeberg, or here.

Q: I’m using the Google Play Store version.

Unfortunately, we cannot create custom Play versions because Google uses its own signing key.

Links:
app.ninesevennine.twofactorauthenticator
https://www.filemail.com/d/ttotefijqntjocf
https://www.mediafire.com/file/8mhqhipml46hgak/twofactorauthenticator-standard-vc-19003000.apk/file

app.ninesevennine.twofactorauthenticator.accrescent
https://www.filemail.com/d/suchpdkpxxyupqt
https://www.mediafire.com/file/1whct97soe2myux/twofactorauthenticator-accrescent-vc-19003000.apk/file

truebreaker

~~Your unlock passphrase is now your Automatic Backups passphrase~~

Your Automatic Backups passphrase is now your unlock passphrase.

alwarnecke

I lost all my account data with this update. The update processed automatically, I didn't even have a chance to take a recent backup prior to updating. Since I had biometrics enabled, I'm SOL. The ephemeral version didn't help either.

Next time, please plan for this scenario? Maybe with a giant warning or something. Lesson learned the hard way I guess, enabling automatic backups should almost be mandatory for those using this app.

TGOS

alwarnecke

Me too. This is utterly stupid to work like this. I thought since this app is listed in the Accrescent store it is more or less "safe" and won't do such weird moves to lose all of your credentials.
On github a few recent moves already had ppl with this result and they were pissed.
I thought when I do everything like the app asks and backup it won't occur to me.
Now I'll figure out how to solve. Logging in today on my 2fa needed account is questionable.
I'm really done with the handle of this.
I wished I stayed with EnteAuth, without headache and not a app which was/is seemengly not ready for publishing.

truebreaker

alwarnecke

I lost all my account data with this update. The update processed automatically, I didn't even have a chance to take a recent backup prior to updating. Since I had biometrics enabled, I'm SOL. The ephemeral version didn't help either.

You skipped the set up instructions for using biometrics and automatic backups.

Next time, please plan for this scenario? Maybe with a giant warning or something. Lesson learned the hard way I guess, enabling automatic backups should almost be mandatory for those using this app.

It was identified that users were not reading the setup instructions screens and just skipping over them, being the main reason for the 1.1 update. This was a necessary update and only a minority were affected.

TGOS

I thought when I do everything like the app asks and backup it won't occur to me.

If you did what the app asked then you would of read the instructions for biometrics, automatic backups and would of followed them.

Johnnyloans

truebreaker It was identified that users were not reading the setup instructions screens and just skipping over them, being the main reason for the 1.1 update.
If you did what the app asked then you would of read the instructions for biometrics, automatic backups and would of followed them.

To recap:

The developer knew that a portion of users had a set-up in the app that deviated from what's intended. The main reason for the update is to address this.

1)

An app allowing a user to submit incorrect data or skip required sections is the app's fault--not the user's. This is a core flaw before we even get into the nitty-gritty field of intuitive UI design. I've never heard of TypeError: Cannot read properties of null being a skill issue.

2)

It is unclear if the update to remedy this was addressing all 3 issues:

Required sections are skippable
Settings/data are different from expected
Migrating users who have bad configs/databases to a good config/database.

The issue is known but it seems you never tested the migration of these small number of users. If so, why only test a good environment when the issue is bad environments.

alwarnecke I lost all my account data with this update

You skipped the set up instructions for using biometrics and automatic backups.
This was a necessary update and only a minority were affected.

It is commendable the 2 users here were so polite. Which makes the following even more tragic.

3)

I fail to discern any accountability or responsibility -- let alone concern -- from the developer.
If an app's purpose is to hold secrets and the developer relieves themselves of all responsibility, why should any user store secrets in the app?

@lberrymage @spring-onion

truebreaker

Johnnyloans

The developer knew that a portion of users had a set-up in the app that deviated from what's intended. The main reason for the update is to address this.

Yes

An app allowing a user to submit incorrect data or skip required sections is the app's fault--not the user's.

No, it's the users fault.

The sections in question:
Biometrics -> https://anonpic.net/0/OhewQ4CJmi.png
Automatic Backups -> https://anonpic.net/0/lvOn1oufod.png

I've never heard of TypeError: Cannot read properties of null being a skill issue.

I have no idea what you are referring to.

2)
It is unclear if the update to remedy this was addressing all 3 issues:
Required sections are skippable

The affected sections have been completely removed, now requiring users to have a passphrase to unlock the app.

Aegis had the exact same issue when adding biometrics which is why they have so many warnings, they still have issues to this day and you can verify this by just looking at their Google Play Store review page.

Notable examples:
-> https://anonpic.net/0/4nBCVR8m4m.png
-> https://anonpic.net/0/7YydvCzkE3.png

Settings/data are different from expected
Migrating users who have bad configs/databases to a good config/database.

I don't know what you mean by this. You can download 1.0.0 and update to the 1.1.0 to verify how migration happens.

The issue is known but it seems you never tested the migration of these small number of users. If so, why only test a good environment when the issue is bad environments.

It was tested and worked as expected. Verified by 20 testers as can be seen in the Codeberg page.

It is commendable the 2 users here were so polite. Which makes the following even more tragic.

The questions of these users have already been answered in the Codeberg page.

3)
I fail to discern any accountability or responsibility -- let alone concern -- from the developer.
If an app's purpose is to hold secrets and the developer relieves themselves of all responsibility, why should any user store secrets in the app?

See the context provided in section 1. The only people who are complaining are the ones that had biometrics enabled and automatic backups disabled, no one else.

This comes off as an acceptable and necessary loss when I'm sure it was preventable with more planning.

I discovered that people were skipping screens when it first became available on the Google Play Store, thanks to their analytics and irl testing with friends, an update had to be made as I overestimated the user base.

Currently the app is gaining 2.87 new users daily on the Google Play Store and I have no way of knowing how many of them use automatic backups. Not to mention that the average user doesn't update their app manually and rather it's done by the Appstore automatically within the first _month, though I had a case where a user didn't update the app for 4 months and had to modify an older version in order to save his accounts.

You could say that the migration could of been done better but this was a matter of time and the necessary steps were taken.

Johnnyloans

I forgot to mention this:

This was a necessary update and only a minority were affected.

This comes off as an acceptable and necessary loss when I'm sure it was preventable with more planning.

0xC0DED0D0

Never even tried it. Had it on my wishlist as a possible Aegis alternative, if I'd ever need one.

Heard about issues with users losing credentials during beta. But that was beta.

≥1.0.0 = not beta. 🙄

Sounds like it should go off my list, then. Shame. Seemed alright.