A secure, client-side, browser-based application for generating Time-based One-Time Passwords (TOTP), commonly used for Two-Factor Authentication (2FA).
This tool provides a simple and secure way to generate your 2FA codes without needing a phone or a dedicated desktop application. Since it runs entirely in your browser, your secret keys are never sent to any server, ensuring your accounts remain secure.
- Real-time TOTP Generation: Generates 6-digit codes based on the standard TOTP algorithm.
- Client-Side Security: Your 2FA secret key is processed entirely in your browser and is never stored or transmitted.
- Visual Timer: A progress bar shows the time remaining until a new code is generated (typically 30 seconds).
- Copy to Clipboard: Easily copy the generated code with a single click.
- Input Validation: Provides instant feedback for invalid or malformed secret keys.
- Responsive Design: Works seamlessly on both desktop and mobile browsers.
- Modern Tech Stack: Built with React 19, Vite, and TypeScript.
Follow these instructions to get a copy of the project up and running on your local machine.
-
Clone the repository:
git clone https://github.com/pylarco/2fa.git cd 2fa-authenticatorNote: The repository URL is based on information from the source code. Replace with the correct URL if different.
-
Install dependencies:
npm install
-
Run the development server:
npm run dev
The application will be available at
http://localhost:5173(or another port if 5173 is in use).
- Get your 2FA Secret Key: When you enable 2FA on a service (like Google, GitHub, etc.), you are usually given a QR code and a "manual entry" key or "secret key". Copy this secret key. It's a string of letters and numbers.
- Paste the Key: Open the Authenticator app in your browser and paste the secret key into the input field.
- Generate Code: The app will immediately generate a 6-digit TOTP code.
- Copy Code: Click the copy button next to the code.
- Use the Code: Paste the code into the 2FA prompt on the service you are logging into.
The code will automatically refresh every 30 seconds.
This application is designed with security as a top priority.
- No Server-Side Processing: All TOTP generation logic happens locally in your browser using JavaScript.
- No Data Transmission: Your secret keys are never sent over the network.
- No Storage: The secret key is held only in the application's memory while the tab is open. It is not stored in
localStorage, cookies, or any other persistent browser storage. Closing the browser tab will clear the key.
For maximum security, it is recommended to run this application locally on your machine or host it on a trusted private server.
- Frontend: React 19
- Build Tool: Vite
- Language: TypeScript
- Styling: Tailwind CSS (via CDN)
- TOTP Logic: otpauth library