two-factor-auth
pass-otp
| two-factor-auth | pass-otp | |
|---|---|---|
| 1 | 22 | |
| 298 | 1,228 | |
| - | - | |
| 0.0 | 0.0 | |
| over 1 year ago | about 1 month ago | |
| Java | Shell | |
| ISC License | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
two-factor-auth
-
How does Google Authenticator work?
It's really easy to integrate into websites as well. I did so a few years ago. The TOTP algorithm is just a few lines of code. I adapted this implementation https://github.com/j256/two-factor-auth at the time. There are similar libraries available for lots of languages.
You need a library like that and a way to convert an otp:// url into a QR code, for which there are many libaries as well. The rest is just implementing a sane UX around this. Storing the user's TOTP secret server side is a bit tricky. I suspect a plain text field in a database is quite common for this; which of course would be disastrous if that database were ever stolen. Secret stores don't scale for this as they tend to be designed for just a handful of secrets. We ended up encrypting these totp secrets using a key from our secret store.
pass-otp
- End of Life for Twilio Authy Desktop App
-
How do you sync your passwords?
otp tokens are included in the encrypted file. It’s just appended to the file, e.g. otpauth://totp/… You’ll need to install https://github.com/tadfisher/pass-otp on desktop for this to work. But the android client comes with support builtin.
-
Authenticator app advertising on App Store sends QR codes to developer
I use pass myself. I had no idea you could use it for otp. Are you using something like this? https://github.com/tadfisher/pass-otp
-
Twilio outage now 8 hours after laying off 27% staff
I use https://github.com/tadfisher/pass-otp with pass, which has a FOSS client for desktop and smartphone (at least for andriod, no idea for ios)
-
authenticator apps on Linux/Emacs commandline?
There are the password manager pass (https://www.passwordstore.org/), which has an extension pass-otp (https://github.com/tadfisher/pass-otp). This extension can be used instead of Google Authenticator.
-
Cryptopathic: The situation at LastPass may be worse than they are letting on
> In particular, I don't see how 2FA is possible with this
Umm, why not?
First, you can use a different app (like aegis) to generate OTPs.
Second, pass has an extension (https://github.com/tadfisher/pass-otp) that can be used to generate OTPs.
- A pass extension for managing one-time-password (OTP) tokens
-
Question about 'pass(wordstore)'
git clone https://github.com/tadfisher/pass-otpcd pass-otpsudo make install
-
GitHub to require two-factor authentication
You can use pass
What are some alternatives?
Aegis - A free, secure and open source app for Android to manage your 2-step verification tokens.
gopass - The slightly more awesome standard unix password manager for teams
ios-application - A native, lightweight and secure one-time-password (OTP) client built for iOS; Raivo OTP!
rofi-pass - rofi frontend for pass
google-authenticator - Open source version of Google Authenticator (except the Android app)
Android-Password-Store - Android application compatible with ZX2C4's Pass command line application
pyotp - Python One-Time Password Library
android-otp-extractor - Extracts OTP tokens from rooted Android devices
keepassxc - KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
strongbox - A secret manager for AWS