Skip to content

Webapp allowing you to see your TOTP (two factors authentication) codes easily.

Notifications You must be signed in to change notification settings

Cqoicebordel/authenticator

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Authenticator

What is it ?

It's a webapp allowing you to see your TOTP (two factors authentication) codes easily.

How does it work ?

Everything is done locally, with JS. No network necessary, and moreover, no network request done at all. You don't even need a webserver to use it on your computer. It's more or less secure.

How to use it ?

  • Download the repository however you like. As a zip works well.
  • Extract in your wanted folder.
  • Fill the settings.js with the secrets of your TOTP accounts, and their names.
  • Open index.html

To have the secrets, you either go to each site to ask for one, or if you have a rooted Android phone, with the Google Authenticator App, you can open the /data/data/com.google.android.apps.authenticator2/databases/databases file, which contains all the accounts with their secrets.

What is its purpose ?

It was kind of cumbersome to open the right app in my phone each time I wanted to log in, and my PC is only used by me, in my home (a desktop). So it was secure to have those codes on that machine. And doing it, I found out that it was perfect to use in a Vivaldi web panel.

How was it build ?

This project was hacked together in a couple of days, copy/pasting a lot of code. So I have a lot of acknowledgments to do.

What not to do with this ?

  • Don't host it on an Internet accessible page.
  • Don't use it on a laptop : if someone steal this, or you lose it, they will have your passwords, and your 2 factors auth codes too.
  • Don't use it on a multi-users computer. And I'm not a security expert, so, be very, very, very careful with it.

What is the licence ?

My work is published under the WTFPL. Beware that it covers only my work, and I didn't double check the licences of the other stuff I used.

Is it secure ?

It doesn't do any network request (beyond loading, of course). So I won't stole your codes that way. Beyond that, I'm not a security expert. Please be careful with your secrets. I'm not responsible for anything bad that could happen. This project is provided as-is.