|"Open Two Factor Authenticator" is an open-source project aims to bring two-factor authentication to browsers and smart phones in a secure but sync-able way. All the keys are stored in a local directory, hence they are sync-able; though all local key files are highly encrypted.|
- One-time two-factor token generation
- Secure and sync-able
- Same UI on Chrome, Opera, Firefox and Android devices
- Load requested features from GitHub
What is Open Two-Factor Authenticator extension and how does it work?
Open Two-Factor Authenticator is one-time token generator for web services that require Two-Factor Authentication. After installation, open the UI and select a master password for your keys. You can also select a destination directory to be used for key storing. This directory can be used by all instances of the application to gain sync capability. Remember the master password is the only way to decrypt the key files. If for any reason master password is forgotten, there would be no way to access your key files anymore. After login you will see a big plus button. Press this button every time you want to add a new token to the repository. There are three ways of adding a new token.
- Manually enter the token into the box (token string should be in
- Add an screenshot that contains the QR code. Usually web services provide a QR code instead of directly providing the token string. Use the "Add an screenshot" tab to decode the image and save it to the repository.
- Scan the QR code: If you are on a mobile device where you can scan the QR code, use this option to directly scan the QR code from an screen.
When token is added to the repository, you will see a new item is appended to the main window. Selecting this item will generate one-time token for you that can be used for login into the provider's web service.
- Manually enter the token into the box (token string should be in
What is two-factor authentication?
Two-factor authentication (also known as 2FA or 2-Step Verification) provides identification of users by means of the combination of two different components. These components may be something that the user knows, something that the user possesses or something that is inseparable from the user. Only the correct combination of a password and a PIN (personal identification number) allows to secure web access. Two-factor authentication is a type of multi-factor authentication.
How can I enable two-factor authentication on Google, Microsoft, Evernote, or any other web servies that support two-factor authentication?
To enable two-factor authentication on Google please visit https://www.google.com/landing/2step/. For Microsoft account visit http://windows.microsoft.com/en-us/windows/two-step-verification-faq. For your Evernote account please read this blog post. for other services, Google "two-factor authentication" along with the name of the service.
How secure is Open Two-Factor Authenticator?
Open Two-Factor Authenticator encrypts your secret key along with some other info using
AES-CBCalgorithm. The generated binary string is then stored locally in a plain text format (after base64 encoding). Using this method, all your credentials are stored locally and are accessed within multiple devices, and still the credentials are safe.
How can I sync multiple instances of Open Two-Factor Authenticator?
After the first run, there is a browse button labeled "Custom Repository". Select that button and point the application to the folder where your credentials are stored. If Open Two-Factor Authenticator finds at least one encrypted file in the directory, the UI changes from registering mode to login mode. Now you can enter your old passkey and have access to the token.
What does happen if I forget my master passkey?
There is literally no way to have access to the credentials if master password is forgotten. It is highly recommended to generate backup codes to be able to login to the web service and request a new QR code. To generate backup codes for Google account visit https://support.google.com/accounts/answer/1187538?hl=en.
What does happen if I enter a wrong master password?
Nothing! Simply you wont see the added accounts in the token window anymore. Actually you can have more than one master password for a single repository. This way, only accounts that are successfully been decrypted with the passkey are only shown after login.
Is "Open Two-Factor Authenticator" going to remember my master password?
No, your master password is not going to be save. By default the extension erases the password after 5 minutes of being idle.
Why I cannot see my accounts anymore after entering the master password?
You are entering a wrong master password. Simply close the application (or press the "Exit" button) and re-open it and reenter the master password.
How can I sync "Open Two-Factor Authenticator" on Firefox for Android with the desktop version?
You need a file syncing software that allows offline file syncing on mobile devices. Then copy all your credentials from the original directory and paste it in the sync-able directory. Now point both instances of Open Two-Factor Authenticator to this directory.
|Please keep reviews clean, avoid the use of improper language and do not post any personal information.||HTML tags|
What's new in this version
An increasing number of activities today rely on web based services. From shopping to education, web based products and services are taking the leading role in providing what consumers need, when they need it. One of the most important challenges when it comes to such services is security, particularly in regards to authorized access. While most major websites use verified and secure services, there is always the chance of unauthorized access that must be eliminated in order to maintain and control proper access to products. Part of this process is two-factor authentication. Also referred to as 2FA or 2-Step Verification, this process involves proving or verifying the identity of users by combining 2 separate components. These components may be information or a key that the user knows or possesses. Only the correct combination of both components at the same time allows access to a secure web session. Having its origins in the security concept of multi-factor authentication, 2FA relies on encrypting key files that store personal or identifying data.
Open Two Factor Authenticator is a one time token generator that manages web access for secure services such as payments and other personal services (such as Google, Microsoft, or Amazon). It works by using a master password and specific keys to control access of external applications to your personal data. All of your personal data, along with other information that you choose, is securely kept in a local directory. In order to prevent any unauthorized access, the master password cannot be reset. You can also sync all the encrypted secure keys to work with your accounts on different devices.
Here are some of the unique built in features available with Open Two Factor Authenticator to make your web browsing experience more secure:
- Open Two Factor Authenticator can easily be used to manage access to multiple accounts online.
- Most major services, including Google and Microsoft support two-factor authentication.
- Open Two Factor Authenticator completely encrypts your access keys, making your web-services better protected against spyware, malware, keyloggers, and hackers.
An added feature of Open Two Factor Authenticator is that it can be synced to manage multiple instances or multiple user sessions at the same time, without having to log out of all services and log back in again. You can also use a file syncing software to use Open Two Factor Authenticator on mobile devices. Please note that the master password cannot be reset, and the developer recommends keeping original QR codes in a safe place so that you can access them later. Users are also asked to generate one-time keys when the two factor authentication process is enabled in web services.