two-factor-auth
keepassxc
two-factor-auth | keepassxc | |
---|---|---|
1 | 513 | |
298 | 19,312 | |
- | 2.6% | |
0.0 | 8.9 | |
over 1 year ago | 3 days ago | |
Java | C++ | |
ISC License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
two-factor-auth
-
How does Google Authenticator work?
It's really easy to integrate into websites as well. I did so a few years ago. The TOTP algorithm is just a few lines of code. I adapted this implementation https://github.com/j256/two-factor-auth at the time. There are similar libraries available for lots of languages.
You need a library like that and a way to convert an otp:// url into a QR code, for which there are many libaries as well. The rest is just implementing a sane UX around this. Storing the user's TOTP secret server side is a bit tricky. I suspect a plain text field in a database is quite common for this; which of course would be disastrous if that database were ever stolen. Secret stores don't scale for this as they tend to be designed for just a handful of secrets. We ended up encrypting these totp secrets using a key from our secret store.
keepassxc
- Passkey Implementation: Misconceptions, pitfalls and unknown unknowns
- KeePassXC Issue: [Passkeys] should never be exported in clear text
- Authy to sunset EOL end of March 19, 2024 (originally August 2024)
-
I Stopped Using Passwords. It's Great–and a Total Mess
KeepassXC supports exporting, but i don't think it is released in a stable version / to the public yet:
https://github.com/keepassxreboot/keepassxc/pull/8825
-
Ask HN: Best Password Manager without cloud login?
If you use KeePass, make sure you use the KeePassXC variant. KeePass is dead.
https://keepassxc.org/
-
Do you trust password mangers?
That's why you use the superior one, KeePassXC, as linked in the NIST link: https://github.com/keepassxreboot/keepassxc/discussions/9433
- What program(s) do you use to remember passwords, including crypto?
-
Will Plasma 6 still keep X11 compatibility?
Over there, they got pissed about people constantly bugging them about it and closed the bug with the last comment reading:
-
Help a noob out, please.
for the internet, use a password manager like keepassxc with a strong password.
-
KDE Plasma 6.0 Is Enabling Wayland by Default
Another regression is that KeePassX/C AutoType doesn't work with Wayland, so now instead of a simple CTRL+V in KeePassXC, I have to separately copy and paste the user and the pass.
https://github.com/keepassxreboot/keepassxc/issues/2281
What are some alternatives?
Aegis - A free, secure and open source app for Android to manage your 2-step verification tokens.
KeePassDX - Lightweight vault and password manager for Android, KeePassDX allows editing encrypted data in a single file in KeePass format and fill in the forms in a secure way.
pass-otp - A pass extension for managing one-time-password (OTP) tokens
KeePass2.x - unofficial mirror of KeePass2.x source code
ios-application - A native, lightweight and secure one-time-password (OTP) client built for iOS; Raivo OTP!
vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
google-authenticator - Open source version of Google Authenticator (except the Android app)
Strongbox - A KeePass/Password Safe Client for iOS and OS X
pyotp - Python One-Time Password Library
MacPass - A native macOS KeePass client
strongbox - A secret manager for AWS