GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → alexzorin → Authy

alexzorin / Authy

Licence: mit
Go library and program to access your Authy TOTP secrets.

Programming Languages

go
31211 projects - #10 most used programming language
golang
3204 projects

Labels

totp

Projects that are alternatives of or similar to Authy

Cli
🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.
Stars: ✭ 2,151 (+781.56%)
Mutual labels:  totp
Yubioath Android
Yubico Authenticator for Android
Stars: ✭ 176 (-27.87%)
Mutual labels:  totp
Otpclient
Highly secure and easy to use OTP client written in C/GTK that supports both TOTP and HOTP
Stars: ✭ 206 (-15.57%)
Mutual labels:  totp
Aegis
A free, secure and open source app for Android to manage your 2-step verification tokens.
Stars: ✭ 2,692 (+1003.28%)
Mutual labels:  totp
Python Bna
Python implementation of the mobile Blizzard Authenticator (TOTP)
Stars: ✭ 165 (-32.38%)
Mutual labels:  totp
Twofactorauth.net
.Net library for Two Factor Authentication (TFA / 2FA)
Stars: ✭ 182 (-25.41%)
Mutual labels:  totp
One Time
One Time Password (TOTP and HOTP) library for Clojure. TOTP/HOTP is widely used for Two Factor / Multi Factor Authentication.
Stars: ✭ 129 (-47.13%)
Mutual labels:  totp
Freeotpplus
Enhanced fork of FreeOTP-Android providing a feature-rich 2FA authenticator
Stars: ✭ 223 (-8.61%)
Mutual labels:  totp
Multiotp
multiOTP open source strong two factor authentication PHP library, OATH certified, with TOTP, HOTP, Mobile-OTP, YubiKey, SMS, QRcode provisioning, etc.
Stars: ✭ 173 (-29.1%)
Mutual labels:  totp
Twofactor totp
🔑 Second factor TOTP (RFC 6238) provider for Nextcloud
Stars: ✭ 203 (-16.8%)
Mutual labels:  totp
Android Otp Extractor
Extracts OTP tokens from rooted Android devices
Stars: ✭ 147 (-39.75%)
Mutual labels:  totp
Authenticatorpro
📱 Two-Factor Authentication (2FA) client for Android + Wear OS
Stars: ✭ 155 (-36.48%)
Mutual labels:  totp
Nginx Sso
SSO authentication provider for the auth_request nginx module
Stars: ✭ 195 (-20.08%)
Mutual labels:  totp
Nimble totp
A tiny Elixir library for time-based one time passwords (TOTP)
Stars: ✭ 139 (-43.03%)
Mutual labels:  totp
Go Guardian
Go-Guardian is a golang library that provides a simple, clean, and idiomatic way to create powerful modern API and web authentication.
Stars: ✭ 204 (-16.39%)
Mutual labels:  totp
Otpauth
One Time Password (HOTP/TOTP) library for Node.js, Deno and browsers.
Stars: ✭ 135 (-44.67%)
Mutual labels:  totp
Twofactor
Golang two factor authentication library
Stars: ✭ 179 (-26.64%)
Mutual labels:  totp
Two Factor Auth
Two Factor Authentication Java code implementing the Time-based One-time Password Algorithm
Stars: ✭ 225 (-7.79%)
Mutual labels:  totp
Speakeasy
**NOT MAINTAINED** Two-factor authentication for Node.js. One-time passcode generator (HOTP/TOTP) with support for Google Authenticator.
Stars: ✭ 2,531 (+937.3%)
Mutual labels:  totp
Libreauth
LibreAuth is a collection of tools for user authentication.
Stars: ✭ 201 (-17.62%)
Mutual labels:  totp
View All Similar Projects ➔

authy

GoDoc

This is a Go library that allows you to access your Authy TOTP tokens.

It was created to facilitate exports of your TOTP database, because Authy do not provide any way to access or port your TOTP tokens to another client.

It also somewhat documents Authy's protocol/encryption, since public materials on that are somewhat scarce.

Please be careful. You can get your Authy account suspended very easily by using this package. It does not hide itself or mimic the official clients.

Applications

authy-export

This program will enrol itself as an additional device on your Authy account and export all of your TOTP tokens in Key URI Format.

Installation

Pre-built binaries are available from the releases page.

Alternatively, it can be compiled from source, which requires Go 1.12 or newer:

go get github.com/alexzorin/authy/cmd/authy-export

To use it:

  1. Run authy-export
  2. The program will prompt you for your phone number country code (e.g. 1 for United States) and your phone number. This is the number that you used to register your Authy account originally.
  3. If the program identifies an existing Authy account, it will send a device registration request using the push method. This will send a push notification to your existing Authy apps (be it on Android, iOS, Desktop or Chrome), and you will need to respond that from your other app(s).
  4. If the device registration is successful, the program will save its authentication credential (a random value) to $HOME/authy-go.json for further uses. Make sure to delete this file and de-register the device after you're finished.
  5. If the program is able to fetch your TOTP encrypted database, it will prompt you for your Authy backup password. This is required to decrypt the TOTP secrets for the next step.
  6. The program will dump all of your TOTP tokens in URI format, which you can use to import to other applications.

If you notice any missing TOTP tokens, please try toggling "Authenticator Backups" in your Authy settings, to force your backup to be resynchronized.

How do you then import it into another app?

Up to you, depends on the app. If the app uses QR scanning, you can try stick all the dumped URIs into a file (tokens) and then scan each QR code from your terminal, e.g.:

#!/usr/bin/env bash
cat tokens | while IFS= read -r line; do
  clear
  echo -n "$line" | qrencode -t UTF8
  read -p $"Press any key to continue" key < /dev/tty
done

"My Twitch (or other site) token is different to the one I see in the Authy app?"

This is expected, depending on what the site is.

In Authy, there are two types of secrets:

  • Tokens: You sign up to a website, the website generates a TOTP secret, and you scan it via a QR code (in any app, not necessarily Authy). You can export that secret to other TOTP apps and the code will match.
  • Apps: The website has exported their TOTP flow to Authy's proprietary service, which requires you to use the Authy app. For sites like Twitch, Authy assigns a unique TOTP secret for every device you use the Authy app on. Each device will produce different 7-digit codes, but they will all work. If you deregister any device from your Authy account, that device's TOTP secrets will be revoked and its 7-digit codes will no longer work.

Twitch (and a handful of other sites) are the latter: Authy Apps.

Now, authy-export registers itself as a device on your Authy account. Per the explanation above, that means it is assigned a unique TOTP secret for sites like Twitch, which means it will generate different 7-digit codes to your primary Authy device. These codes will work as long as you don't deregister the authy-export device from your Authy account.

This is unfortunate, but the fact is: you cannot fully delete your Authy account if you want to keep using TOTP-based authentication with Twitch. If you do, all of the TOTP secrets will be revoked, and you will locked out of Twitch. It happened to me, and Twitch support chose to not help me out ^_^.

Batch support

When environment variable named AUTHY_EXPORT_PASSWORD exists, authy-export does not ask for a password and uses the variable instead. Use with care!

LICENSE

See LICENSE

Trademark Legal Notice

All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].