TOTP 제작자: Turistu
A TOTP generator that could be used with gmail, github and other sites which require 2FA.
사용자 858명사용자 858명
확장 메타 데이터
스크린샷
정보
This is a javascript implementation of a TOTP authenticator, using the browser's crypto API. It should do the exactly same thing as google's authenticator, the "oathtool --totp -b ..." command, or any other TOTP generating app.
The javascript code does not send to or fetch any data from anywhere remotely, and it should work the same when served over https, saved locally or used inside a browser extension.
Instead of implementing its own secret saving mechanism (with cookies or local storage), this extension is using the browser's password manager to save the TOTP keys, just like any other passwords.
Since the saved keys are attached to the extension's own "moz-extension://UUID" url, not to the website where they are used, it's not possible for hijacked websites to retrieve them by exploiting the form and passwords autofill mechanism.
This extension is also not using any content script which could be tricked into generating and filling in TOTP codes without user intervention.
Note for Linux/X11 users: Since their half-fix to the exploitable pastejack bug that I have reported, it's no longer possible to copy the totp code to the primary selection automatically upon it being generated. If you still want to paste it with a simple middle-button click, just click once more on the totp code when you see the "copied (for ctrl-V)" message. Sorry for that.
The javascript code does not send to or fetch any data from anywhere remotely, and it should work the same when served over https, saved locally or used inside a browser extension.
Instead of implementing its own secret saving mechanism (with cookies or local storage), this extension is using the browser's password manager to save the TOTP keys, just like any other passwords.
Since the saved keys are attached to the extension's own "moz-extension://UUID" url, not to the website where they are used, it's not possible for hijacked websites to retrieve them by exploiting the form and passwords autofill mechanism.
This extension is also not using any content script which could be tricked into generating and filling in TOTP codes without user intervention.
Note for Linux/X11 users: Since their half-fix to the exploitable pastejack bug that I have reported, it's no longer possible to copy the totp code to the primary selection automatically upon it being generated. If you still want to paste it with a simple middle-button click, just click once more on the totp code when you see the "copied (for ctrl-V)" message. Sorry for that.
13명이 4.6점으로 평가함
추가 정보
- 부가 기능 링크
- 버전
- 1.2.8
- 크기
- 12.99 KB
- 마지막 업데이트
- 2년 전 (2023년 11월 22일)
- 관련 카테고리
- 버전 목록
- 모음집에 추가