I've been working on something similar to what you described[^1], using Shamir secret sharing to split the TOTP secret. Once enough key holders get together, a server generates some TOTP tokens, but only for a limited period of time.
I wanted to use it in an enterprise environment to limit access to AWS root users in a break-glass scenario. Now I no longer have such a need and haven't developed it further, but the core features are there. As usual though with this kind of tool, any security problem becomes a key management problem and it'd need a bit more work to use it in the real world.
-
https://github.com/incipher/shamir
Here's a CLI, written in Go, that uses HashiCorp Vault's implementation of the Shamir Secret Sharing algorithm and exposes its functionality on the command line in an easy-to-use manner.
I personally use it to divide my password manager's master password into shares that are given to family members and close friends in order for them to collectively reconstruct my master password and obtain access to my password vault in case I pass away.
Disclaimer: I'm the author.
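To make concrete what both tools above do with a TOTP seed or a master password, here is a minimal split/combine in Python over GF(2^8) with the AES reduction polynomial, the same byte-wise field Vault's shamir package uses. This is an added example, not code from either project, and the TOTP seed it splits is a constructed sample. It includes the checks a practitioner wants: x=0 is never used as a share index (the polynomial there is the secret itself), duplicate or mismatched shares are rejected, and fewer than k shares reconstruct garbage rather than raising, so the caller must verify the result.

```python
import secrets

# GF(2^8) with the AES reduction polynomial x^8 + x^4 + x^3 + x + 1 (0x11b).
def gf_mul(a: int, b: int) -> int:
    p = 0
    while b:
        if b & 1:
            p ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)  # times x, reduced if bit 8 falls out
        b >>= 1
    return p

def gf_inv(a: int) -> int:
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    r = 1
    for _ in range(254):  # a^254 == a^-1 (Fermat's little theorem in GF(2^8))
        r = gf_mul(r, a)
    return r

def split(secret: bytes, n: int, k: int) -> list[bytes]:
    """n shares, any k of which recover secret; share = x byte + one y byte per secret byte."""
    if not 2 <= k <= n <= 255 or not secret:
        raise ValueError("need 2 <= k <= n <= 255 and a non-empty secret")
    shares = [bytearray([x]) for x in range(1, n + 1)]  # x=0 would be the secret itself
    for s in secret:
        coef = [s] + [secrets.randbelow(256) for _ in range(k - 1)]  # fresh per byte
        for sh in shares:
            y = 0
            for c in reversed(coef):  # Horner evaluation of the degree-(k-1) polynomial at x
                y = gf_mul(y, sh[0]) ^ c
            sh.append(y)
    return [bytes(sh) for sh in shares]

def combine(shares: list[bytes]) -> bytes:
    """Lagrange interpolation at x=0. Fewer than k shares give garbage, not an error."""
    xs = [sh[0] for sh in shares]
    if len(set(xs)) != len(xs) or 0 in xs or len({len(sh) for sh in shares}) != 1:
        raise ValueError("shares must have distinct non-zero x and equal length")
    secret = bytearray(len(shares[0]) - 1)
    for i, xi in enumerate(xs):
        num = den = 1  # basis l_i(0) = prod x_m / (x_i - x_m); minus is xor in GF(2^8)
        for m, xm in enumerate(xs):
            if m != i:
                num, den = gf_mul(num, xm), gf_mul(den, xi ^ xm)
        basis = gf_mul(num, gf_inv(den))
        for j in range(len(secret)):
            secret[j] ^= gf_mul(shares[i][j + 1], basis)
    return bytes(secret)
```

Because a wrong quorum is indistinguishable from the right one by inspection, store a hash of the original secret alongside the shares and compare after combining.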