Open Two Factor Authenticator A sync-able open-source two-factor authenticator
Support Development
PayPal ● 
Bitcoin Address: 1sM2BrTH8BRgt3quiASK8TmYSafutNvDo
Ether Address: 0xCf9eaAc56992e12EB61fD46342172d4EEff5C8e4

"Open Two Factor Authenticator" is an open-source project aims to bring two-factor authentication to browsers and smart phones in a secure but sync-able way. All the keys are stored in a local directory, hence they are sync-able; though all local key files are highly encrypted.


  1. What is Open Two-Factor Authenticator extension and how does it work?

    Open Two-Factor Authenticator is one-time token generator for web services that require Two-Factor Authentication. After installation, open the UI and select a master password for your keys. You can also select a destination directory to be used for key storing. This directory can be used by all instances of the application to gain sync capability. Remember the master password is the only way to decrypt the key files. If for any reason master password is forgotten, there would be no way to access your key files anymore. After login you will see a big plus button. Press this button every time you want to add a new token to the repository. There are three ways of adding a new token.

    • Manually enter the token into the box (token string should be in otpauth://totp... format)
    • Add an screenshot that contains the QR code. Usually web services provide a QR code instead of directly providing the token string. Use the "Add an screenshot" tab to decode the image and save it to the repository.
    • Scan the QR code: If you are on a mobile device where you can scan the QR code, use this option to directly scan the QR code from an screen.

    When token is added to the repository, you will see a new item is appended to the main window. Selecting this item will generate one-time token for you that can be used for login into the provider's web service.

  2. What is two-factor authentication?

    Two-factor authentication (also known as 2FA or 2-Step Verification) provides identification of users by means of the combination of two different components. These components may be something that the user knows, something that the user possesses or something that is inseparable from the user. Only the correct combination of a password and a PIN (personal identification number) allows to secure web access. Two-factor authentication is a type of multi-factor authentication.

  3. How can I enable two-factor authentication on Google, Microsoft, Evernote, or any other web servies that support two-factor authentication?

    To enable two-factor authentication on Google please visit For Microsoft account visit For your Evernote account please read this blog post. for other services, Google "two-factor authentication" along with the name of the service.

  4. How secure is Open Two-Factor Authenticator?

    Open Two-Factor Authenticator encrypts your secret key along with some other info using AES-CBC algorithm. The generated binary string is then stored locally in a plain text format (after base64 encoding). Using this method, all your credentials are stored locally and are accessed within multiple devices, and still the credentials are safe.

  5. How can I sync multiple instances of Open Two-Factor Authenticator?

    After the first run, there is a browse button labeled "Custom Repository". Select that button and point the application to the folder where your credentials are stored. If Open Two-Factor Authenticator finds at least one encrypted file in the directory, the UI changes from registering mode to login mode. Now you can enter your old passkey and have access to the token.

  6. What does happen if I forget my master passkey?

    There is literally no way to have access to the credentials if master password is forgotten. It is highly recommended to generate backup codes to be able to login to the web service and request a new QR code. To generate backup codes for Google account visit

  7. What does happen if I enter a wrong master password?

    Nothing! Simply you wont see the added accounts in the token window anymore. Actually you can have more than one master password for a single repository. This way, only accounts that are successfully been decrypted with the passkey are only shown after login.

  8. Is "Open Two-Factor Authenticator" going to remember my master password?

    No, your master password is not going to be save. By default the extension erases the password after 5 minutes of being idle.

  9. Why I cannot see my accounts anymore after entering the master password?

    You are entering a wrong master password. Simply close the application (or press the "Exit" button) and re-open it and reenter the master password.

  10. How can I sync "Open Two-Factor Authenticator" on Firefox for Android with the desktop version?

    You need a file syncing software that allows offline file syncing on mobile devices. Then copy all your credentials from the original directory and paste it in the sync-able directory. Now point both instances of Open Two-Factor Authenticator to this directory.

Matched Content


Please keep reviews clean, avoid the use of improper language and do not post any personal information.
  • <a> Defines an anchor.

    Example: <a href="">a sample link</a>

  • <pre><code> Syntax Highlighting (Supported languages: Bash, JSON, HTML, JavaScript, and CSS).

    Example: <pre><code class="javascript">var foo = 'bar';</code></pre>

  • <strong> Defines bold text
  • <blockquote> Defines a long quotation
  • <caption> Defines a table caption
  • <cite> Defines a citation
  • <em> Defines italic text
  • <p> Defines a paragraph
  • <span> Defines a section in a document
  • <s> Defines strikethrough text
  • <strike> Defines strikethrough text
  • <u> Defines underlined text
  • <br> Defines a single line break; can be used alone and don't need an ending tag

What's new in this version

Change Logs:
    Last 10 commits on GitHub
    Hover over a node to see more details

    Need help?

    If you have questions about the extension, or ideas on how to improve it, please post them on the  support site. Don't forget to search through the bug reports first as most likely your question/bug report has already been reported or there is a workaround posted for it.

    Open IssuesIssuesForks

    Editorial Review

    An increasing number of activities today rely on web based services. From shopping to education, web based products and services are taking the leading role in providing what consumers need, when they need it. One of the most important challenges when it comes to such services is security, particularly in regards to authorized access. While most major websites use verified and secure services, there is always the chance of unauthorized access that must be eliminated in order to maintain and control proper access to products. Part of this process is two-factor authentication. Also referred to as 2FA or 2-Step Verification, this process involves proving or verifying the identity of users by combining 2 separate components. These components may be information or a key that the user knows or possesses. Only the correct combination of both components at the same time allows access to a secure web session. Having its origins in the security concept of multi-factor authentication, 2FA relies on encrypting key files that store personal or identifying data.

    Open Two Factor Authenticator is a one time token generator that manages web access for secure services such as payments and other personal services (such as Google, Microsoft, or Amazon). It works by using a master password and specific keys to control access of external applications to your personal data. All of your personal data, along with other information that you choose, is securely kept in a local directory. In order to prevent any unauthorized access, the master password cannot be reset. You can also sync all the encrypted secure keys to work with your accounts on different devices.

    Here are some of the unique built in features available with Open Two Factor Authenticator to make your web browsing experience more secure:

    An added feature of Open Two Factor Authenticator is that it can be synced to manage multiple instances or multiple user sessions at the same time, without having to log out of all services and log back in again.
 You can also use a file syncing software to use Open Two Factor Authenticator on mobile devices.
 Please note that the master password cannot be reset, and the developer recommends keeping original QR codes in a safe place so that you can access them later. Users are also asked to generate one-time keys when the two factor authentication process is enabled in web services.

    Recent Blog Posts on