A Web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes
Go to file
2023-12-21 08:54:46 +01:00
.github Update secret of update-docs-repo action 2023-12-06 08:28:34 +01:00
app Apply Pint fixes 2023-12-20 16:55:58 +01:00
bootstrap Add artisan ':install' command 2023-04-28 15:47:52 +02:00
config Update change log & Bump version number 2023-12-20 13:46:34 +01:00
database Complete SSO (user model, error cases, tests, views) & Add github provider 2023-12-09 17:22:24 +01:00
docker Add the ability to set a proxy for outgoing requests - Closes #252 2023-12-13 17:15:26 +01:00
docs Drop PHP 8.0 support & Fix unique validation rules 2023-03-25 12:26:01 +01:00
public Include & Build new assets 2023-12-21 08:54:46 +01:00
resources Hide Continue with when no SSO providers are set 2023-12-20 14:55:28 +01:00
routes Merge branch 'feature/openid-support' of https://github.com/indykoning/2FAuth into indykoning-feature/openid-support 2023-12-06 09:27:20 +01:00
storage Upgrade to Laravel 8 2022-03-31 11:24:01 +02:00
tests Add PHP 8.3 to Travis config & Skip broken tests (for now) 2023-12-20 17:08:18 +01:00
_ide_helper_models.php Add ide-helper files & Update phpdocs 2023-03-02 15:24:57 +01:00
_ide_helper.php Update IDE helper 2023-08-01 15:09:24 +02:00
.dockerignore Fix Docker test setup 2022-05-10 01:13:54 +02:00
.editorconfig Upgrade to Laravel 8 2022-03-31 11:24:01 +02:00
.env.example Add the ability to set a proxy for outgoing requests - Closes #252 2023-12-13 17:15:26 +01:00
.env.testing Fix tests 2023-12-14 12:36:38 +01:00
.env.travis Put back a dedicated travis .env file 2022-04-04 10:17:28 +02:00
.gitattributes Upgrade to Laravel 9 2022-11-25 15:18:19 +01:00
.gitignore Include & Build new assets 2023-12-21 08:54:46 +01:00
.styleci.yml Upgrade to Laravel 9 2022-11-25 15:18:19 +01:00
.travis.yml Add PHP 8.3 to Travis config & Skip broken tests (for now) 2023-12-20 17:08:18 +01:00
app.json Add heroku email settings - Close #33 2022-04-15 13:03:44 +02:00
artisan Upgrade to Laravel 9 2022-11-25 15:18:19 +01:00
changelog.md Update change log & Bump version number 2023-12-20 13:46:34 +01:00
composer.json Add support for an openid provider 2023-11-20 23:25:36 +01:00
composer.lock Update composer dependencies 2023-12-14 12:36:53 +01:00
crowdin.yml Add Crowdin configuration file 2020-10-14 23:18:51 +02:00
Dockerfile Add the ability to set a proxy for outgoing requests - Closes #252 2023-12-13 17:15:26 +01:00
jsconfig.json Set repo to handle vscode files 2022-03-31 11:24:00 +02:00
LICENSE Add LICENSE file 2020-01-11 00:13:04 +01:00
nginx.conf Complete heroku setup 2022-04-14 11:35:45 +02:00
package-lock.json Add a copyright banner to built files 2023-11-27 13:18:38 +01:00
package.json Add a rebuild Vite command to build & watch 2023-11-27 13:19:56 +01:00
phpstan.neon Replace Psalm with PHPStan 2022-09-07 17:50:14 +02:00
phpunit-mysql.xml Update tests to phpunit 10 2023-08-01 11:28:27 +02:00
phpunit.xml Update tests to phpunit 10 2023-08-01 11:28:27 +02:00
pint.json Apply Laravel Pint fixes 2022-11-25 15:20:36 +01:00
Procfile Complete heroku setup 2022-04-14 11:35:45 +02:00
README.md Fix build badge broken 2023-10-27 15:32:33 +08:00
vite.config.js Enable the Vue 3 front-end 2023-12-01 15:29:26 +01:00
vite.version.js Add a copyright banner to built files 2023-11-27 13:18:38 +01:00
webpack.mix.js Make Webpack extract all vendor dependencies 2023-09-20 14:11:40 +02:00

2FAuth

Docker build status https://codecov.io/gh/Bubka/2FAuth https://github.com/Bubka/2FAuth/blob/master/LICENSE

A web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes

screens

2FAuth Demo
Credentials (login - password) : demo@2fauth.app - demo

Purpose

2FAuth is a web based self-hosted alternative to One Time Passcode (OTP) generators like Google Authenticator, designed for both mobile and desktop.

It aims to ease you perform your 2FA authentication steps whatever the device you handle, with a clean and suitable interface.

I created it because :

  • Most of the UIs for this kind of apps show tokens for all accounts in the same time with stressful countdowns (in my opinion)
  • I wanted my 2FA accounts to be stored in a standalone database I can easily backup and restore (did you already encountered a smartphone loss with all your 2FA accounts in Google Auth? I did...)
  • I hate taking out my smartphone to get an OTP when I use a desktop computer
  • I love coding and I love self-hosted solutions

Main features

  • Manage your 2FA accounts and organize them using Groups
  • Scan and decode any QR code to add account in no time
  • Add custom account without QR code thanks to an advanced form
  • Edit accounts, even the imported ones
  • Generate TOTP and HOTP security codes and Steam Guard codes

2FAuth is currently fully localized in English and French. See Contributing if you want to help on adding more languages.

Security

2FAuth provides several security mechanisms to protect your 2FA data as best as possible.

Single user app

You have to create a user account and authenticate yourself to use the app. It is not possible to create more than one user account, the app is thought for personal use.

Modern authentication

You can sign in 2FAuth using a security key like a Yubikey or a Titan key and disable the traditional login form.

Data encryption

Sensitive data stored in the database can be encrypted to protect them against db compromise. Encryption is provided as an option which is disabled by default. It is strongly recommanded to backup the APP_KEY value of your .env file (or the whole file) when encryption is On.

Auto logout

2FAuth automatically log you out after an inactivity period to prevent long life session. The auto logout can be deactivated or triggered when a security code is copied.

RFC compliance

2FAuth generates OTP according to RFC 4226 (HOTP Algorithm) and RFC 6238 (TOTP Algorithm) thanks to Spomky-Labs/OTPHP php library.

Requirements

Installation guides

Upgrading

Migration

2FAuth supports importing from the following formats: 2FAuth (JSON), Google Auth (QR code), Aegis Auth (JSON, plain text), 2FAS Auth (JSON)

Contributing

You can contribute to 2FAuth in many ways:

License

AGPL-3.0