A Web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
Go to file
Bubka a9f648cbc5
Bump version number & Update change log
4 days ago
.github Reinstate composer.lock - Fixes #89 6 months ago
app Fix #160 : Steam otpauth URIs are rejected by the Import feature 4 days ago
bootstrap initial commit 4 years ago
config Bump version number & Update change log 4 days ago
database Set SettingService behind a Facade 6 months ago
docker Correcting the Email Settings section in the Docker readme 6 months ago
docs Drop PHP 7.4 support, default to PHP8.0 6 months ago
public Bump version number, update change log and recompile assets 2 months ago
resources Fix #141 : Convert InputField value to string 2 months ago
routes Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 4 months ago
storage Upgrade to Laravel 8 10 months ago
tests Fix API tests not returning the secret key 4 months ago
.dockerignore Fix Docker test setup 9 months ago
.editorconfig Upgrade to Laravel 8 10 months ago
.env.example Disable SESSION_LIFETIME environment var which interferes with autolock 3 months ago
.env.testing Disable SESSION_LIFETIME environment var which interferes with autolock 3 months ago
.env.travis Put back a dedicated travis .env file 10 months ago
.gitattributes initial commit 4 years ago
.gitignore Add composer ide-helper package 4 months ago
.styleci.yml Upgrade to Laravel 8 10 months ago
.travis.yml Drop PHP 7.4 support, default to PHP8.0 6 months ago
Dockerfile Fix PHP version and remove useless extensions installation 6 months ago
LICENSE Add LICENSE file 3 years ago
Procfile Complete heroku setup 10 months ago
README.md Drop PHP 7.4 support, default to PHP8.0 6 months ago
app.json Add heroku email settings - Close #33 10 months ago
artisan initial commit 4 years ago
changelog.md Bump version number & Update change log 4 days ago
composer.json Add composer ide-helper package 4 months ago
composer.lock Add composer ide-helper package 4 months ago
crowdin.yml Add Crowdin configuration file 2 years ago
jsconfig.json Set repo to handle vscode files 10 months ago
nginx.conf Complete heroku setup 10 months ago
package-lock.json Update npm dependencies 3 months ago
package.json Update npm dependencies 3 months ago
phpstan.neon Replace Psalm with PHPStan 5 months ago
phpunit-mysql.xml Fix & Complete tests 7 months ago
phpunit.xml Fix & Complete tests 7 months ago
server.php initial commit 4 years ago
webpack.mix.js Add sourcemap generation to webpack.mix config 10 months ago

README.md

2FAuth

Docker build status https://codecov.io/gh/Bubka/2FAuth https://github.com/Bubka/2FAuth/blob/master/LICENSE

A web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes

screens

2FAuth Demo
Credentials (login - password) : demo@2fauth.app - demo

Purpose

2FAuth is a web based self-hosted alternative to One Time Passcode (OTP) generators like Google Authenticator, designed for both mobile and desktop.

It aims to ease you perform your 2FA authentication steps whatever the device you handle, with a clean and suitable interface.

I created it because :

  • Most of the UIs for this kind of apps show tokens for all accounts in the same time with stressful countdowns (in my opinion)
  • I wanted my 2FA accounts to be stored in a standalone database I can easily backup and restore (did you already encountered a smartphone loss with all your 2FA accounts in Google Auth? I did...)
  • I hate taking out my smartphone to get an OTP when I use a desktop computer
  • I love coding and I love self-hosted solutions

Main features

  • Manage your 2FA accounts and organize them using Groups
  • Scan and decode any QR code to add account in no time
  • Add custom account without QR code thanks to an advanced form
  • Edit accounts, even the imported ones
  • Generate TOTP and HOTP security codes and Steam Guard codes

2FAuth is currently fully localized in English and French. See Contributing if you want to help on adding more languages.

Security

2FAuth provides several security mechanisms to protect your 2FA data as best as possible.

Single user app

You have to create a user account and authenticate yourself to use the app. It is not possible to create more than one user account, the app is thought for personal use.

Modern authentication

You can sign in 2FAuth using a security key like a Yubikey or a Titan key and disable the traditional login form.

Data encryption

Sensitive data stored in the database can be encrypted to protect them against db compromise. Encryption is provided as an option which is disabled by default. It is strongly recommanded to backup the APP_KEY value of your .env file (or the whole file) when encryption is On.

Auto logout

2FAuth automatically log you out after an inactivity period to prevent long life session. The auto logout can be deactivated or triggered when a security code is copied.

RFC compliance

2FAuth generates OTP according to RFC 4226 (HOTP Algorithm) and RFC 6238 (TOTP Algorithm) thanks to Spomky-Labs/OTPHP php library.

Requirements

Installation guides

Upgrading

Contributing

You can contribute to 2FAuth in many ways:

License

AGPL-3.0