Skip to content

FilipBlazekovic/totpy-mobile-authenticator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
app
app
 
 
doc/img
doc/img
 
 
gradle
gradle
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.gradle
build.gradle
 
 
gradle.properties
gradle.properties
 
 
gradlew
gradlew
 
 
gradlew.bat
gradlew.bat
 
 
settings.gradle
settings.gradle
 
 

Repository files navigation

Totpy

Mobile authenticator for generating one-time passwords based on TOTP Protocol.
Compatible desktop version of this app is also available: totpy-desktop-authenticator.

Tokens for one-time passwords are protected using asymmetric key pair (RSA or EC) stored in device's secure hardware (StrongBox or TEE).

Supports:

  • protection of tokens using screen lock credentials (mandatory)
  • remotely deleting tokens by sending an SMS message containing a predefined phrase (additional protection in case a device gets stolen)
  • sorting tokens based on category (work, personal, email, ...)
  • search based on token category, issuer or account
  • adding tokens by scanning a QR code, entering OTPAuth URI, or manually entering values for required token parameters
  • exporting tokens to a file protected by a password or second authenticator's asymmetric key
  • importing tokens from a locked export file

01.png

USING CATEGORIES TO SORT TOKENS

01.png

TRANSFERRING A SINGLE TOKEN TO A SECOND AUTHENTICATOR APP

A QR code containing an OTPAuth URI for a token compatible with any 2FA app is presented by clicking on a QR code button on the side of a token panel.

03.png

EXPORTING TOKENS

Tokens can be exported to a file for backup or transfer to a second authenticator app.
The generated export file containing encrypted tokens will be compatible with mobile and desktop versions of this app.

To generate a password-protected export:

  1. select "Export" option in the top menu
  2. select tokens you wish to export and click on the export button on the bottom of the UI
  3. select "Protect with password" option in the popup dialog that appears and define a password

04.png

To generate an asymmetric-key protected export:

  1. select "Export" option in the top menu
  2. select tokens you wish to export and click on the export button on the bottom of the UI
  3. select "Protect with public key" option in the popup dialog that appears by pressing a button to scan the public key from a QR code, or a button to load a public key from a file

05.png

To view or save the public key of a second authenticator to which you wish to transfer tokens to, select "Show Public Key" dialog in the top menu of that authenticator app.

06.png

File export_locked.json containing tokens encrypted with AES/GCM will be generated.

IMPORTING TOKENS

Select "Import" option in the top menu and select the locked export file from which you with to import tokens. In case tokens are locked using this device's asymmetric key they are automatically decrypted and imported, otherwise password input dialog is shown.

08.png

SETTING-UP REMOTE WIPE

Select "Setup Remote Wipe" in the top menu and define a phrase that will trigger deletion of tokens. A foreground service will be started which will search through SMS messages in inbox directory every 3 minutes for the specified keyphrase.

08.png

About

Mobile authenticator for generating one-time passwords (OTP)

Topics

android totp authenticator-app

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages