2FAuth/README.md

# 2FAuth

![Docker build status](https://img.shields.io/github/actions/workflow/status/bubka/2fauth/ci-docker-test.yml?branch=master&style=flat-square)
![https://codecov.io/gh/Bubka/2FAuth](https://img.shields.io/codecov/c/github/Bubka/2FAuth?style=flat-square)
![https://github.com/Bubka/2FAuth/blob/master/LICENSE](https://img.shields.io/github/license/Bubka/2FAuth.svg?style=flat-square)

A web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes

![screens](https://user-images.githubusercontent.com/858858/100485897-18c21400-3102-11eb-9c72-ea0b1b46ef2e.png)

[**2FAuth Demo**](https://demo.2fauth.app/)  
Credentials (login - password) : *demo@2fauth.app* - *demo*

## Purpose

2FAuth is a web based self-hosted alternative to One Time Passcode (OTP) generators like Google Authenticator, designed for both mobile and desktop.

It aims to ease you perform your 2FA authentication steps whatever the device you handle, with a clean and suitable interface.

I created it because :

* Most of the UIs for this kind of apps show tokens for all accounts in the same time with stressful countdowns (in my opinion)
* I wanted my 2FA accounts to be stored in a standalone database I can easily backup and restore (did you already encountered a smartphone loss with all your 2FA accounts in Google Auth? I did...)
* I hate taking out my smartphone to get an OTP when I use a desktop computer
* I love coding and I love self-hosted solutions

## Main features

* Manage your 2FA accounts and organize them using Groups
* Scan and decode any QR code to add account in no time
* Add custom account without QR code thanks to an advanced form
* Edit accounts, even the imported ones
* Generate TOTP and HOTP security codes and Steam Guard codes

2FAuth is currently fully localized in English and French. See [Contributing](#contributing) if you want to help on adding more languages.

## Security

2FAuth provides several security mechanisms to protect your 2FA data as best as possible.

### Single user app

You have to create a user account and authenticate yourself to use the app. It is not possible to create more than one user account, the app is thought for personal use.

### Modern authentication

You can sign in 2FAuth using a security key like a Yubikey or a Titan key and disable the traditional login form.

### Data encryption

Sensitive data stored in the database can be encrypted to protect them against db compromise. Encryption is provided as an option which is disabled by default. It is strongly recommanded to backup the APP_KEY value of your .env file (or the whole file) when encryption is On.

### Auto logout

2FAuth automatically log you out after an inactivity period to prevent long life session. The auto logout can be deactivated or triggered when a security code is copied.

### RFC compliance

2FAuth generates OTP according to RFC 4226 (HOTP Algorithm) and RFC 6238 (TOTP Algorithm) thanks to [Spomky-Labs/OTPHP](https://github.com/Spomky-Labs/otphp) php library.

## Requirements

* [![Requires PHP8](https://img.shields.io/badge/php-^8.1-red.svg?style=flat-square)](https://secure.php.net/downloads.php)
* See [Laravel server requirements](https://laravel.com/docs/7.x/installation#server-requirements)
* Any database [supported by Laravel](https://laravel.com/docs/7.x/database)

## Installation guides

* [Self-hosted server](https://docs.2fauth.app/getting-started/installation/self-hosted-server/)

* [Docker (cli)](https://docs.2fauth.app/getting-started/installation/docker/docker-cli/)

* [Docker (compose)](https://docs.2fauth.app/getting-started/installation/docker/docker-compose/)

* [Heroku](https://docs.2fauth.app/getting-started/installation/heroku/)

## Upgrading

* [Upgrade guide](https://docs.2fauth.app/getting-started/upgrade/)

## Migration

2FAuth supports importing from the following formats: 2FAuth (JSON), Google Auth (QR code), Aegis Auth (JSON, plain text), 2FAS Auth (JSON)

* [Import guide](https://docs.2fauth.app/getting-started/usage/import/)

## Contributing

You can contribute to 2FAuth in many ways:

* By [reporting bugs](https://github.com/Bubka/2FAuth/issues/new?template=bug_report.md), or even better, by submitting a fix with a pull request on the *dev* branch.
* By [suggesting enhancement or new feature](https://github.com/Bubka/2FAuth/issues/new?template=feature_request.md). Please have a look to the [2FAuth development project](https://github.com/users/Bubka/projects/1), maybe your idea is already there.
* By correcting or completing translations in a language you speak, using the [Crowdin platform](https://crowdin.com/project/2fauth). Ask for your language if this one is lacking.

## License

[AGPL-3.0](https://www.gnu.org/licenses/agpl-3.0.html)
Fix readme linting errors 2021-07-31 12:49:53 +00:00			`# 2FAuth`

Fix build badge broken 2023-10-27 07:32:33 +00:00			`![Docker build status](https://img.shields.io/github/actions/workflow/status/bubka/2fauth/ci-docker-test.yml?branch=master&style=flat-square)`
Update PHP requirements and badges in README.MD 2020-03-12 08:46:14 +00:00			`![https://codecov.io/gh/Bubka/2FAuth](https://img.shields.io/codecov/c/github/Bubka/2FAuth?style=flat-square)`
			`![https://github.com/Bubka/2FAuth/blob/master/LICENSE](https://img.shields.io/github/license/Bubka/2FAuth.svg?style=flat-square)`

Update description in README 2020-10-03 17:22:20 +00:00			`A web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes`
Add readme.md file 2020-01-13 15:39:27 +00:00
Update README.md 2020-11-28 20:56:12 +00:00			`![screens](https://user-images.githubusercontent.com/858858/100485897-18c21400-3102-11eb-9c72-ea0b1b46ef2e.png)`
Update README.md 2020-02-13 21:44:04 +00:00
Update README, change log and bump version number 2022-07-13 16:07:34 +00:00			`[2FAuth Demo](https://demo.2fauth.app/)`
Update README.md 2020-03-30 07:45:28 +00:00			`Credentials (login - password) : demo@2fauth.app - demo`

Add readme.md file 2020-01-13 15:39:27 +00:00			`## Purpose`
Fix readme linting errors 2021-07-31 12:49:53 +00:00
Enhance README.md 2020-10-08 20:27:56 +00:00			`2FAuth is a web based self-hosted alternative to One Time Passcode (OTP) generators like Google Authenticator, designed for both mobile and desktop.`

			`It aims to ease you perform your 2FA authentication steps whatever the device you handle, with a clean and suitable interface.`
Add readme.md file 2020-01-13 15:39:27 +00:00
			`I created it because :`
Fix readme linting errors 2021-07-31 12:49:53 +00:00
Add readme.md file 2020-01-13 15:39:27 +00:00			`* Most of the UIs for this kind of apps show tokens for all accounts in the same time with stressful countdowns (in my opinion)`
Enhance README.md 2020-10-08 20:27:56 +00:00			`* I wanted my 2FA accounts to be stored in a standalone database I can easily backup and restore (did you already encountered a smartphone loss with all your 2FA accounts in Google Auth? I did...)`
			`* I hate taking out my smartphone to get an OTP when I use a desktop computer`
			`* I love coding and I love self-hosted solutions`

			`## Main features`
Fix readme linting errors 2021-07-31 12:49:53 +00:00
Update README.md 2020-11-28 20:56:12 +00:00			`* Manage your 2FA accounts and organize them using Groups`
			`* Scan and decode any QR code to add account in no time`
			`* Add custom account without QR code thanks to an advanced form`
			`* Edit accounts, even the imported ones`
Update README, change log and bump version number 2022-07-13 16:07:34 +00:00			`* Generate TOTP and HOTP security codes and Steam Guard codes`
Add readme.md file 2020-01-13 15:39:27 +00:00
Drop PHP 8.0 support & Fix unique validation rules 2023-03-24 23:20:39 +00:00			`2FAuth is currently fully localized in English and French. See [Contributing](#contributing) if you want to help on adding more languages.`
Add readme.md file 2020-01-13 15:39:27 +00:00
Update README.md 2020-11-28 20:56:12 +00:00			`## Security`

Update README, change log and bump version number 2022-07-13 16:07:34 +00:00			`2FAuth provides several security mechanisms to protect your 2FA data as best as possible.`
Update README.md 2020-11-28 20:56:12 +00:00
Fix readme linting errors 2021-07-31 12:49:53 +00:00			`### Single user app`

Update README.md 2020-11-28 20:56:12 +00:00			`You have to create a user account and authenticate yourself to use the app. It is not possible to create more than one user account, the app is thought for personal use.`

Update README, change log and bump version number 2022-07-13 16:07:34 +00:00			`### Modern authentication`

			`You can sign in 2FAuth using a security key like a Yubikey or a Titan key and disable the traditional login form.`

Fix readme linting errors 2021-07-31 12:49:53 +00:00			`### Data encryption`

Update README.md 2020-11-28 20:56:12 +00:00			`Sensitive data stored in the database can be encrypted to protect them against db compromise. Encryption is provided as an option which is disabled by default. It is strongly recommanded to backup the APP_KEY value of your .env file (or the whole file) when encryption is On.`

Fix readme linting errors 2021-07-31 12:49:53 +00:00			`### Auto logout`

Update README.md 2020-11-28 20:56:12 +00:00			`2FAuth automatically log you out after an inactivity period to prevent long life session. The auto logout can be deactivated or triggered when a security code is copied.`
Add readme.md file 2020-01-13 15:39:27 +00:00
Fix readme linting errors 2021-07-31 12:49:53 +00:00			`### RFC compliance`

Add readme.md file 2020-01-13 15:39:27 +00:00			`2FAuth generates OTP according to RFC 4226 (HOTP Algorithm) and RFC 6238 (TOTP Algorithm) thanks to [Spomky-Labs/OTPHP](https://github.com/Spomky-Labs/otphp) php library.`

			`## Requirements`
Fix readme linting errors 2021-07-31 12:49:53 +00:00
Drop PHP 8.0 support & Fix unique validation rules 2023-03-24 23:20:39 +00:00			`* [![Requires PHP8](https://img.shields.io/badge/php-^8.1-red.svg?style=flat-square)](https://secure.php.net/downloads.php)`
Update README.md 2020-10-12 21:10:53 +00:00			`* See [Laravel server requirements](https://laravel.com/docs/7.x/installation#server-requirements)`
			`* Any database [supported by Laravel](https://laravel.com/docs/7.x/database)`
Add readme.md file 2020-01-13 15:39:27 +00:00
Update README, change log and bump version number 2022-07-13 16:07:34 +00:00			`## Installation guides`
Fix readme linting errors 2021-07-31 12:49:53 +00:00
Update README, change log and bump version number 2022-07-13 16:07:34 +00:00			`* [Self-hosted server](https://docs.2fauth.app/getting-started/installation/self-hosted-server/)`
Fix readme linting errors 2021-07-31 12:49:53 +00:00
Update README, change log and bump version number 2022-07-13 16:07:34 +00:00			`* [Docker (cli)](https://docs.2fauth.app/getting-started/installation/docker/docker-cli/)`
Add readme.md file 2020-01-13 15:39:27 +00:00
Update README, change log and bump version number 2022-07-13 16:07:34 +00:00			`* [Docker (compose)](https://docs.2fauth.app/getting-started/installation/docker/docker-compose/)`
Update README.md 2020-03-30 07:45:28 +00:00
Corrected Link for Heroku 2023-02-24 09:33:03 +00:00			`* [Heroku](https://docs.2fauth.app/getting-started/installation/heroku/)`
Update readme.md 2020-01-15 22:40:56 +00:00
Enhance README.md 2020-10-08 20:27:56 +00:00			`## Upgrading`
Fix readme linting errors 2021-07-31 12:49:53 +00:00
Update README, change log and bump version number 2022-07-13 16:07:34 +00:00			`* [Upgrade guide](https://docs.2fauth.app/getting-started/upgrade/)`
Update readme.md 2020-01-15 22:40:56 +00:00
Highlight import guide for migration 2023-06-02 08:05:31 +00:00			`## Migration`

			`2FAuth supports importing from the following formats: 2FAuth (JSON), Google Auth (QR code), Aegis Auth (JSON, plain text), 2FAS Auth (JSON)`

			`* [Import guide](https://docs.2fauth.app/getting-started/usage/import/)`

Fix readme linting errors 2021-07-31 12:49:53 +00:00			`## Contributing`

Update README.md 2020-10-17 11:46:46 +00:00			`You can contribute to 2FAuth in many ways:`

Fix readme linting errors 2021-07-31 12:49:53 +00:00			`* By [reporting bugs](https://github.com/Bubka/2FAuth/issues/new?template=bug_report.md), or even better, by submitting a fix with a pull request on the dev branch.`
Update README, change log and bump version number 2022-07-13 16:07:34 +00:00			`* By [suggesting enhancement or new feature](https://github.com/Bubka/2FAuth/issues/new?template=feature_request.md). Please have a look to the [2FAuth development project](https://github.com/users/Bubka/projects/1), maybe your idea is already there.`
Fix readme linting errors 2021-07-31 12:49:53 +00:00			`* By correcting or completing translations in a language you speak, using the [Crowdin platform](https://crowdin.com/project/2fauth). Ask for your language if this one is lacking.`

			`## License`
Add readme.md file 2020-01-13 15:39:27 +00:00
Update README.md 2020-02-13 21:44:04 +00:00			`[AGPL-3.0](https://www.gnu.org/licenses/agpl-3.0.html)`