| | two-factor-auth | strongbox |
|---|---|---|
| | 1 | 1 |
| Stars | 298 | 242 |
| Growth | - | 0.0% |
| Activity | 0.0 | 0.0 |
| | over 1 year ago | about 1 year ago |
| Language | Java | Java |
| License | ISC License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
two-factor-auth
How does Google Authenticator work?
It's really easy to integrate into websites as well. I did so a few years ago. The TOTP algorithm is just a few lines of code. I adapted this implementation https://github.com/j256/two-factor-auth at the time. There are similar libraries available for lots of languages.
You need a library like that and a way to convert an otp:// url into a QR code, for which there are many libraries as well. The rest is just implementing a sane UX around this. Storing the user's TOTP secret server side is a bit tricky. I suspect a plain text field in a database is quite common for this; which of course would be disastrous if that database were ever stolen. Secret stores don't scale for this as they tend to be designed for just a handful of secrets. We ended up encrypting these TOTP secrets using a key from our secret store.
strongbox
Finding over 6,000 credentials in Twitch's source code - How our source code is a vulnerability
There are free alternatives. I've used Strongbox and it was pretty much pain-free once it was set up.
What are some alternatives?
Aegis - A free, secure and open source app for Android to manage your 2-step verification tokens.
password-manager-java - First personal project. Feel free to practice by contributing. See README for ideas.
pass-otp - A pass extension for managing one-time-password (OTP) tokens
argon2-jvm - Argon2 Binding for the JVM
ios-application - A native, lightweight and secure one-time-password (OTP) client built for iOS; Raivo OTP!
DocBleach - Sanitising your documents, one threat at a time. Content Disarm & Reconstruction Software
google-authenticator - Open source version of Google Authenticator (except the Android app)
merloc-java - MerLoc is a live AWS Lambda function development and debugging tool. MerLoc allows you to run AWS Lambda functions on your local while they are still part of a flow in the AWS cloud remote.
pyotp - Python One-Time Password Library
OfficerBreaker - OOXML password remover
keepassxc - KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
SuperTokens Community - Open source alternative to Auth0 / Firebase Auth / AWS Cognito