two-factor-auth
pass
two-factor-auth | pass | |
---|---|---|
1 | 1 | |
298 | 6 | |
- | - | |
0.0 | 3.7 | |
over 1 year ago | 8 months ago | |
Java | Shell | |
ISC License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
two-factor-auth
-
How does Google Authenticator work?
It's really easy to integrate into websites as well. I did so a few years ago. The TOTP algorithm is just a few lines of code. I adapted this implementation https://github.com/j256/two-factor-auth at the time. There are similar libraries available for lots of languages.
You need a library like that and a way to convert an otp:// url into a QR code, for which there are many libaries as well. The rest is just implementing a sane UX around this. Storing the user's TOTP secret server side is a bit tricky. I suspect a plain text field in a database is quite common for this; which of course would be disastrous if that database were ever stolen. Secret stores don't scale for this as they tend to be designed for just a handful of secrets. We ended up encrypting these totp secrets using a key from our secret store.
pass
-
How does Google Authenticator work?
If you're using pass already you could use their OTP plugin:
https://github.com/tadfisher/pass-otp
That gives you "pass otp github.com", etc. You can also export the QRcode, and do similar things.
I put together a simple distribution of pass with a couple of plugins I use, including otp, which is easy to setup - just clone beneath `/opt/pass`:
https://github.com/skx/pass
What are some alternatives?
Aegis - A free, secure and open source app for Android to manage your 2-step verification tokens.
keepassxc - KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
pass-otp - A pass extension for managing one-time-password (OTP) tokens
android-otp-extractor - Extracts OTP tokens from rooted Android devices
ios-application - A native, lightweight and secure one-time-password (OTP) client built for iOS; Raivo OTP!
pyotp - Python One-Time Password Library
google-authenticator - Open source version of Google Authenticator (except the Android app)