Raivo OTP Authenticator has been acquired

Apparently, Raivo has been bought by Mobime. The announcement tweet says

:loudspeaker: Big News! :rocket: Exciting times ahead as we announce that Raivo has been acquired by Mobime (https://mobime.org)! :tada::handshake:
Rest assured, nothing will change for you, except for more support and development on the Raivo ecosystem. More updates will follow soon.

Tweet: https://twitter.com/RaivoOTP/status/1683372954002808833?s=20

4 Likes

This is really not great… According to their privacy policy, Mobime is using AdMob and Facebook in their apps, so perhaps that is the future of Raivo as well.

3 Likes

another app to uninstall great

4 Likes

It is too early for me to switch to Proton Pass. But, I dont want to spend more money with bitwarden or other apps.

1 Like

Darn it. Anyone got any decent alternatives for iOS? I need one that supports multiple SHA variants, not just SHA1 (like some password managers).

1 Like

For most people, TOTP in a dedicated app is not actually much more secure. They’re likely logging into accounts on their phones and have the password manager and TOTP app on their phones as well.
Use Security Keys for critical accounts, but use password manager’s TOTP solution for everything else.

If passkeys are available use them instead of TOTP. Passkeys are more secure than TOTP.
This seems to be in line with the intentions of Ravio’s authors

2FAS AUTH or Tofu? Both foss

1 Like

Hey why do you care about passkeys if They are not Crossplatform yet and must people have different threat Models anyways

You can also store TOTP codes on devices such as the Yubikey Series 5 this makes it a good replacement for Raivo OTP.

I believe you’re referring to FIDO2 but if you get a Yubikey Series 5 you can kill two birds with one stone.

1 Like

Yes, they are if you use a cross-platform password manager such as Bitwarden (which should soon support passkeys) or 1Password (the beta version already supports passkeys). And regardless, I don’t think passkeys have anything to do with different threat models. They are a vastly superior option for passwords, and everyone will be able to benefit from them after they become more widely available.

2 Likes

Thanks backfield but you know iam will be waiting for their support in proton pass

There’s this GitHub post made by a PG forum peep :

And you know what… There’s no response as of today.

Let’s say they are busy lol

Well this really sucks. I liked Raivo a lot, especially the super easy export capability that allows me to update my backup file with minimal fuss or time wasted.

This new company seems super sus. The only thing I could find searching for them on the internet, assuming it’s even the same one, is that they are a “marketing and technology company” based in Poland.

Sooo is it Tofu or bust? Any other iOS alternatives? I use a yubikey for everything that will let me, but there is ALOT of services that only allow TOTP and not yubikeys yet.

Edit: I just imported all my seeds into Bitwarden. Had preferred to keep TOTP separate from password manager but I guess since the backup codes are in there anyway their isn’t really a security trade off.

Thank you for bringing this to everyone’s attention. I would not have known without this post.

1 Like

It was the first thing I saw on twitter when I opened it in the morning. Saw no one else posted about it and since I use Raivo, I thought I should post it. Happy it helped!

2 Likes

Privacy Guides has removed Raivo OTP

And the main dev of Raivo has finally responded 1 hour ago when I’m writing this.

Hello everyone,

I’m hoping to address the privacy concerns here. The LICENSE.md and PRIVACY POLICY.md will remain the same (apart from my name being replaced by Mobime) and are still applied to all Raivo services. That does not change with the acquisition, nor has Mobime the intention to change them in the near future. Mobime is an app development company. Thus, they also develop other apps, and they have the right to apply another license or privacy policy to those apps.

Additionally, I just want to say that Raivo has been a hobby project of mine. If I do not respond for a few days, please take this into account. I’m trying to do my best to make it a smooth transition. Yet, I got caught of gaurd by the fast transfer from Apple’s side. I initially thought this would take weeks or months, but instead it was done in a single click.

But this doesn’t respond to most asked questions like :

  1. Who is the new owner exactly? What is their name? SARL indicates solem ownership. Who is in charge here?
  2. No pubilc records can be found on this Mobime SARL company
  3. No public address can be found on this Mobime SARL company
  4. What is the deal looking like for Mobize, why they invested in your app?
  5. What justification is this Mobime SARL?
  6. What is the company registration number of Mobime SARL?
  7. Can you share your thoughts on the “Phone master” app by Mobime?

I just made the decision to switch from Raivo to Ente auth. So far, so good.

There is also 2FAS, but there is no desktop app, but only browser extensions which I don’t find very intuitive.

If you have a Yubikey Series 5 you can store TOTP scores on it using Yubico Authenticator

Thank you for the suggestion. I decided to go with Bitwarden but May also back them up to my NFC Yubicos and compare which I like better…

An important warning about that. If you do this make sure to backup your TOTP seed while you are setting up 2FA for the particular account. Because with Yubikey it is impossible to export your seeds later on.

1 Like