android-otp-extractor
two-factor-auth
| android-otp-extractor | two-factor-auth | |
|---|---|---|
| 3 | 1 | |
| 211 | 298 | |
| - | - | |
| 0.0 | 0.0 | |
| almost 2 years ago | over 1 year ago | |
| Python | Java | |
| GNU General Public License v3.0 only | ISC License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
android-otp-extractor
- Tell HN: It is impossible to disable Google 2FA using backup codes
-
I want to switch from Google Authenticator to Authy, but I'm too afraid Authy will shut down due to financial issues. What should I do?
If you do not have these links, you will first need to export your tokens using, for instance, this script: https://github.com/puddly/android-otp-extractor (I am not endorsing it, it's just one of the many scripts that can retrieve your secrets)
- How does Google Authenticator work?
two-factor-auth
-
How does Google Authenticator work?
It's really easy to integrate into websites as well. I did so a few years ago. The TOTP algorithm is just a few lines of code. I adapted this implementation https://github.com/j256/two-factor-auth at the time. There are similar libraries available for lots of languages.
You need a library like that and a way to convert an otp:// url into a QR code, for which there are many libaries as well. The rest is just implementing a sane UX around this. Storing the user's TOTP secret server side is a bit tricky. I suspect a plain text field in a database is quite common for this; which of course would be disastrous if that database were ever stolen. Secret stores don't scale for this as they tend to be designed for just a handful of secrets. We ended up encrypting these totp secrets using a key from our secret store.
What are some alternatives?
ios-application - A native, lightweight and secure one-time-password (OTP) client built for iOS; Raivo OTP!
Aegis - A free, secure and open source app for Android to manage your 2-step verification tokens.
pass-otp - A pass extension for managing one-time-password (OTP) tokens
extract_otp_secrets - Extract one time password (OTP) secrets from QR codes exported by two-factor authentication (2FA) apps such as "Google Authenticator". The exported QR codes from authentication apps can be captured by camera, read from images, or read from text files. The secrets can be exported to JSON or CSV, or printed as QR codes to console.
google-authenticator - Open source version of Google Authenticator (except the Android app)
otp-codegen - Takes your OTP secret in and spits out the 6 digit OTP code
pyotp - Python One-Time Password Library
ArubaOTP-seed-extractor - Extract TOTP seed instead of using ArubaOTP app
keepassxc - KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.