pass-otp
two-factor-auth
Our great sponsors
pass-otp | two-factor-auth | |
---|---|---|
22 | 1 | |
1,221 | 298 | |
- | - | |
0.0 | 0.0 | |
20 days ago | over 1 year ago | |
Shell | Java | |
GNU General Public License v3.0 only | ISC License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pass-otp
- End of Life for Twilio Authy Desktop App
-
How do you sync your passwords?
otp tokens are included in the encrypted file. It’s just appended to the file, e.g. otpauth://totp/… You’ll need to install https://github.com/tadfisher/pass-otp on desktop for this to work. But the android client comes with support builtin.
-
Authenticator app advertising on App Store sends QR codes to developer
I use pass myself. I had no idea you could use it for otp. Are you using something like this? https://github.com/tadfisher/pass-otp
-
Twilio outage now 8 hours after laying off 27% staff
I use https://github.com/tadfisher/pass-otp with pass, which has a FOSS client for desktop and smartphone (at least for andriod, no idea for ios)
-
authenticator apps on Linux/Emacs commandline?
There are the password manager pass (https://www.passwordstore.org/), which has an extension pass-otp (https://github.com/tadfisher/pass-otp). This extension can be used instead of Google Authenticator.
-
Cryptopathic: The situation at LastPass may be worse than they are letting on
> In particular, I don't see how 2FA is possible with this
Umm, why not?
First, you can use a different app (like aegis) to generate OTPs.
Second, pass has an extension (https://github.com/tadfisher/pass-otp) that can be used to generate OTPs.
- A pass extension for managing one-time-password (OTP) tokens
-
Question about 'pass(wordstore)'
git clone https://github.com/tadfisher/pass-otpcd pass-otpsudo make install
-
GitHub to require two-factor authentication
You can use pass
two-factor-auth
-
How does Google Authenticator work?
It's really easy to integrate into websites as well. I did so a few years ago. The TOTP algorithm is just a few lines of code. I adapted this implementation https://github.com/j256/two-factor-auth at the time. There are similar libraries available for lots of languages.
You need a library like that and a way to convert an otp:// url into a QR code, for which there are many libaries as well. The rest is just implementing a sane UX around this. Storing the user's TOTP secret server side is a bit tricky. I suspect a plain text field in a database is quite common for this; which of course would be disastrous if that database were ever stolen. Secret stores don't scale for this as they tend to be designed for just a handful of secrets. We ended up encrypting these totp secrets using a key from our secret store.
What are some alternatives?
gopass - The slightly more awesome standard unix password manager for teams
Aegis - A free, secure and open source app for Android to manage your 2-step verification tokens.
rofi-pass - rofi frontend for pass
ios-application - A native, lightweight and secure one-time-password (OTP) client built for iOS; Raivo OTP!
Android-Password-Store - Android application compatible with ZX2C4's Pass command line application
google-authenticator - Open source version of Google Authenticator (except the Android app)
android-otp-extractor - Extracts OTP tokens from rooted Android devices
pyotp - Python One-Time Password Library
keepassxc - KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
strongbox - A secret manager for AWS