/explore

Click through on any links that interest you or select the planets on the right to continue exploring the Outer Web.
You are here

stefansundin.github.io
| | feeding.cloud.geek.nz
3.1 parsecs away

Travel
| | [AI summary] This article discusses the current state of TOTP two-factor authentication in 2025, highlighting interoperability issues and security considerations with various authenticator apps.
| | zserge.com
3.4 parsecs away

Travel
| | Many of us use one-time passwords (OTP) regularly to log into different services. Most probably rely on Google Authenticator and similar tools. But what about building one by ourselves?
| | labanskoller.se
3.1 parsecs away

Travel
| | You probably use an "authenticator app" such as Google Authenticator to enable two-step verification (sometimes called two-factor authentication, 2FA, or multi-factor authentication, MFA) for an online account. The method is called Time-Based One-Time Password Algorithm (TOTP) and is standardized in RFC 6238. In October 2017 when I evaluated HashiCorp Vault for generating and storing TOTP secrets for a system at work I realized that the Android version and iOS version of Google Authenticator differed a lot when it comes to which modes are supported.
| | rcoh.me
5.0 parsecs away

Travel
| I always wondered how Google Authenticator style 2-factor codes worked. The process of going from QR code to rotating 6-digit pin seemed a bit magical. A few days ago, my curiosity found itself coupled with some free time. Here's what I found: What's in the QR Code I scanned the QR code from Github with a barcode scanning app. Here's what's inside: otpauth://totp/Github:rcoh?secret=onswg4tforrw6zdf&issuer=Github Not too surprising. It tells us the protocol, TOTP, who is issuing this OTP code (Github), and most importantly the secret:1