strongbox | two-factor-auth |
---|---|
1 | 1 |
242 | 298 |
0.0% | - |
0.0 | 0.0 |
about 1 year ago | over 1 year ago |
Java | Java |
Apache License 2.0 | ISC License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
strongbox
Finding over 6,000 credentials in Twitch's source code - How our source code is a vulnerability
There are free alternatives. I've used Strongbox and it was pretty much pain-free once it was set up.
two-factor-auth
How does Google Authenticator work?
It's really easy to integrate into websites as well. I did so a few years ago. The TOTP algorithm is just a few lines of code. I adapted this implementation https://github.com/j256/two-factor-auth at the time. There are similar libraries available for lots of languages.
You need a library like that and a way to convert an otp:// url into a QR code, for which there are many libraries as well. The rest is just implementing a sane UX around this. Storing the user's TOTP secret server side is a bit tricky. I suspect a plain text field in a database is quite common for this; which of course would be disastrous if that database were ever stolen. Secret stores don't scale for this as they tend to be designed for just a handful of secrets. We ended up encrypting these totp secrets using a key from our secret store.
What are some alternatives?
password-manager-java - First personal project. Feel free to practice by contributing. See README for ideas.
Aegis - A free, secure and open source app for Android to manage your 2-step verification tokens.
argon2-jvm - Argon2 Binding for the JVM
pass-otp - A pass extension for managing one-time-password (OTP) tokens