Since Authy discontinued their desktop application I was struggling to find a replacement.
Everything I tried is bulky and overcomplicated.
I decided to make my own.
It's a simple password-protected page where you can see all your 2FA codes updating in real time.
It does not have any controls on the frontend.
I tried to make it as secure as possible.
But,
- I am no security expert.
- I am no python or web expert.
So you must consider this project as insecure.
OTP secrets are stored encrypted in yaml file. They are encrypted by Fernet
Whenever you input the right password on the fronted, OTP keys are decrypted using your password as a key and sent to you via HTTP.
When you close or update your page, decrypted data disappears.
The unencrypted keys are part of the Javascript built in the <script></script> tag. I don't know how secure that is,
but I guess it's not, so your extensions might get your data.
- clone the project
- Hash your password using SHA256 (
echo -n YOUR_SECRET_PASSWORD | sha256sum) - Put it in the
PREDEFINED_HASHvariable in ./docker-compose.yml - run
docker compose up -d - run
docker compose exec app python3 main.py --add-secretto add a secret. Make sure that you use base32 secret, but it is pretty much standard, so I believe in you! Also, your password must match the one you used forPREDEFINED_HASH - Open
http://localhost:11211and enter your password. You will see your OTP codes.
Run docker compose exec app python3 main.py --remove-secret to remove a secret.
docker-compose.yml is set up to listen only localhost. It's HIGHLY recommended to put it behind the reverse proxy.
I recommend Caddy since it has HTTPS support out of the box.
NEVER USE THIS TOOL WITHOUT HTTPS
This solution supports only SHA1 6 digit OTPs.
PRs to support more are welcome, I am too lazy. Especially because all 30 of my OTPs are using SHA1 6 digit scheme.
Due to my poor coding, secret names can not contain special symbols, only English letters, numbers, spaces and dots
The hard part is exporting your keys from Authy or other services. You should google how to do it with your current setup.
Most good tools support export, but Authy or Google Authenticator requires some effort.