Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
KeePassDX
Lightweight vault and password manager for Android, KeePassDX allows editing encrypted data in a single file in KeePass format and fill in the forms in a secure way.
-
full-stack-fastapi-postgresql
Full stack, modern web application generator. Using FastAPI, PostgreSQL as database, Nuxt3, Docker, automatic HTTPS and more. (by whythawk)
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
My apologies, I guess I read these lines wrong.
https://github.com/dlenski/python-vipaccess/blob/cc4366f7bce...
A little golfed, but TOTP in python, using included modules, is not much code.
https://github.com/susam/mintotp/blob/main/mintotp.py
FWIW, KeePassDX can also handle TOTP, it's on FDroid too
https://www.keepassdx.com/
If you want to stay in the command line there is an excellent cli you can use https://github.com/yitsushi/totp.
It’s an excellent tool that has great encryption and handles multiple accounts and can paste into your clipboard with `totp account.name|pbcopy` and asks for a password on stderr. Pretty cool stuff.
On the other end, I integrated TOTP into the auth workflow for a full stack FastAPI base project generator (https://github.com/whythawk/full-stack-fastapi-postgresql).
TOTP is great, but developers need to start adding it to their apps by default.
Going digital detox but still want that sweet 2FA? My J2ME vintage feature phone HOTP/TOTP app has you covered. https://github.com/baumschubser/hotpants
> If there is a move in this area, I predict it will come from something like EU regulations on interoperability (we already have rules on Open Banking to some extent) - something to bear in mind next time the EU's approach to regulation is criticised as "anti-tech".
This would actually be really cool! Over here in the Baltics most banks expect you to use SmartID, which admittedly is fine and has some source up on GitHub, even some nice documentation: https://github.com/SK-EID/smart-id-documentation
But more implementations and support for less vendor lock-in is nice, except that in the case of confirming bank authentication/transactions, there's probably a rather serious matter of trust and security at play. That said, if there was a large community effort, I'm sure that the end result would still be good for creating something like that.
Microsoft Authenticator is the app that would literally refuse to work unless you first consented to data sharing and telemetrics. No fucking go. Thankfully, F-Droid has a useful alternative (Android only, of course):
https://github.com/beemdevelopment/Aegis