TOTP Authentication with Free Software

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Totp Hotp OTP Android 2FA

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • python-vipaccess

    A free software implementation of Symantec's VIP Access application and protocol

    • My apologies, I guess I read these lines wrong.

    https://github.com/dlenski/python-vipaccess/blob/cc4366f7bce...

  • mintotp

    Minimal TOTP generator in 20 lines of Python

    • A little golfed, but TOTP in python, using included modules, is not much code.

    https://github.com/susam/mintotp/blob/main/mintotp.py

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo

  • KeePassDX

    Lightweight vault and password manager for Android, KeePassDX allows editing encrypted data in a single file in KeePass format and fill in the forms in a secure way.

    • FWIW, KeePassDX can also handle TOTP, it's on FDroid too

    https://www.keepassdx.com/

  • totp

    • If you want to stay in the command line there is an excellent cli you can use https://github.com/yitsushi/totp.

    It’s an excellent tool that has great encryption and handles multiple accounts and can paste into your clipboard with `totp account.name|pbcopy` and asks for a password on stderr. Pretty cool stuff.

  • full-stack-fastapi-postgresql

    Full stack, modern web application generator. Using FastAPI, PostgreSQL as database, Nuxt3, Docker, automatic HTTPS and more. (by whythawk)

    • On the other end, I integrated TOTP into the auth workflow for a full stack FastAPI base project generator (https://github.com/whythawk/full-stack-fastapi-postgresql).

    TOTP is great, but developers need to start adding it to their apps by default.

  • hotpants

    HOTP/TOTP one time passwords on java phones (J2ME)

    • Going digital detox but still want that sweet 2FA? My J2ME vintage feature phone HOTP/TOTP app has you covered. https://github.com/baumschubser/hotpants

  • smart-id-documentation

    • > If there is a move in this area, I predict it will come from something like EU regulations on interoperability (we already have rules on Open Banking to some extent) - something to bear in mind next time the EU's approach to regulation is criticised as "anti-tech".

    This would actually be really cool! Over here in the Baltics most banks expect you to use SmartID, which admittedly is fine and has some source up on GitHub, even some nice documentation: https://github.com/SK-EID/smart-id-documentation

    But more implementations and support for less vendor lock-in is nice, except that in the case of confirming bank authentication/transactions, there's probably a rather serious matter of trust and security at play. That said, if there was a large community effort, I'm sure that the end result would still be good for creating something like that.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • Aegis

    A free, secure and open source app for Android to manage your 2-step verification tokens.

    • Microsoft Authenticator is the app that would literally refuse to work unless you first consented to data sharing and telemetrics. No fucking go. Thankfully, F-Droid has a useful alternative (Android only, of course):

    https://github.com/beemdevelopment/Aegis

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts