What is Open Two-Factor Authenticator extension and how does it work?
Open Two-Factor Authenticator is a one-time token generator for web services that require two-factor authentication (2FA). After installation, open the UI and select a master password for your keys. In version 0.1.x, you can also select a destination directory to be used for key storing. This directory can be used by all instances of the application to gain sync capability. In version 0.2.x all the secrets are safely stored in the browser storage area which is in sync with all your logged-in devices. Remember the master password is the only way to decrypt the key files. If for any reason master password is forgotten, there would be no way to access your key files anymore. After login, you will see a big plus button. Press this button every time you want to add a new token to the repository. Usually, web services provide a QR code instead of directly providing the token string. Use the "Scan a QR code" button to decode the image and save it to the repository.
When a token is added to the repository, you will see a new item is appended to the main window. Selecting this item will generate a one-time token for you that can be used for login into the provider's web service.
This extension alters the reported GEO location by your browser. You can provide your custom latitude and longitude to any website to improve privacy or get localized data from a custom location. This extension is also useful if you have a SOCKS proxy on your browser to have a consistent IP address with the GEO data. Read more here.
After migrating to 0.2.x, I cannot anymore see my credentials! What is going on?
The 0.1.x version uses a local directory to keep your secure files in *.bin format. The 0.2.x version uses the browser's synced storage. So the 0.2.x simply has no access to the old directory anymore. You can still use the encrypted data in this new improved version. Just press the "Plus" button and follow the importing guide. Note that from 0.2.x, to sync the storage, you will need to sync your browser in multiple devices.
What is two-factor authentication?
Two-factor authentication (also known as 2FA or 2-Step Verification) provides identification of users by means of the combination of two different components. These components may be something that the user knows, something that the user possesses or something that is inseparable from the user. Only the correct combination of a password and a PIN (personal identification number) allows securing the web access. Two-factor authentication is a type of multi-factor authentication.
How can I enable two-factor authentication on Google, Microsoft, Evernote, or any other web servies that support two-factor authentication?
To enable two-factor authentication on Google please visit https://www.google.com/landing/2step/. For Microsoft account visit http://windows.microsoft.com/en-us/windows/two-step-verification-faq. For your Evernote account please read this blog post. for other services, Google "two-factor authentication" along with the name of the service.
How secure is Open Two-Factor Authenticator?
Open Two-Factor Authenticator encrypts your secret key along with some other info using
AES-CBC algorithm. The generated binary string is then stored locally in a plain text format (after base64 encoding). Using this method, all your credentials are stored locally and are accessed within multiple devices, and still, the credentials are safe.
(version 0.2.x) How can I sync the extension with other devices?
You need to use the same browser in all the devices that you need the 2FA token generation. Your browser takes care of syncing the storage for you. Just login and wait for the sync to be completed, then open the UI
(version 0.1.x) How can I sync multiple instances of Open Two-Factor Authenticator?
After the first run, there is a browse button labeled "Custom Repository". Select that button and point the application to the folder where your credentials are stored. If Open Two-Factor Authenticator finds at least one encrypted file in the directory, the UI changes from registering mode to login mode. Now you can enter your old passkey and have access to the token.
What does happen if I forget my master passkey?
There is literally no way to have access to the credentials if master password is forgotten. It is highly recommended to generate backup codes to be able to login to the web service and request a new QR code. To generate backup codes for Google account visit https://support.google.com/accounts/answer/1187538?hl=en.
What does happen if I enter a wrong master password?
Nothing! Simply you won't see the added accounts in the token window anymore. Actually, you can have more than one master password for a single repository. This way, only accounts that are successfully been decrypted with the provided master password are only shown after login.
Is "Open Two-Factor Authenticator" extension going to remember my master password?
No, your master password is not going to be saved. By default the extension erases the password after 5 minutes of being idle.
Why I cannot see my accounts anymore after entering the master password?
You are entering a wrong master password. Simply close the application (or press the "Exit" button) and re-open it and reenter the master password.
(version 0.1.x only) How can I sync "Open Two-Factor Authenticator" on Firefox for Android with the desktop version?
You need a file syncing software that allows offline file syncing on mobile devices. Then copy all your credentials from the original directory and paste it in the sync-able directory. Now point both instances of Open Two-Factor Authenticator to this directory.
Please keep reviews clean, avoid improper language, and do not post any personal information. Also, please consider sharing your valuable input on the official store.
An increasing number of activities today rely on web based services. From shopping to education, web based products and services are taking the leading role in providing what consumers need, when they need it. One of the most important challenges when it comes to such services is security, particularly in regards to authorized access. While most major websites use verified and secure services, there is always the chance of unauthorized access that must be eliminated in order to maintain and control proper access to products. Part of this process is two-factor authentication. Also referred to as 2FA or 2-Step Verification, this process involves proving or verifying the identity of users by combining 2 separate components. These components may be information or a key that the user knows or possesses. Only the correct combination of both components at the same time allows access to a secure web session. Having its origins in the security concept of multi-factor authentication, 2FA relies on encrypting key files that store personal or identifying data.
Open Two Factor Authenticator is a one time token generator that manages web access for secure services such as payments and other personal services (such as Google, Microsoft, or Amazon). It works by using a master password and specific keys to control access of external applications to your personal data. All of your personal data, along with other information that you choose, is securely kept in a local directory. In order to prevent any unauthorized access, the master password cannot be reset. You can also sync all the encrypted secure keys to work with your accounts on different devices.
Here are some of the unique built in features available with Open Two Factor Authenticator to make your web browsing experience more secure:
An added feature of Open Two Factor Authenticator is that it can be synced to manage multiple instances or multiple user sessions at the same time, without having to log out of all services and log back in again. You can also use a file syncing software to use Open Two Factor Authenticator on mobile devices. Please note that the master password cannot be reset, and the developer recommends keeping original QR codes in a safe place so that you can access them later. Users are also asked to generate one-time keys when the two factor authentication process is enabled in web services.