https://github.com/dkosmari/gnome-shell-extension-totp
A GNOME Shell extension to generate Time-based One-Time Passwords (TOTP aka Time-based OTP) for websites that use 2FA.
https://github.com/dkosmari/gnome-shell-extension-totp
2fa 2factor cryptography gnome gnome-shell gnome-shell-extension javascript otp otp-generator otpauth security totp
Last synced: 10 months ago
JSON representation
A GNOME Shell extension to generate Time-based One-Time Passwords (TOTP aka Time-based OTP) for websites that use 2FA.
- Host: GitHub
- URL: https://github.com/dkosmari/gnome-shell-extension-totp
- Owner: dkosmari
- License: gpl-3.0
- Created: 2024-02-26T13:46:41.000Z (over 2 years ago)
- Default Branch: master
- Last Pushed: 2025-04-22T00:19:03.000Z (about 1 year ago)
- Last Synced: 2025-05-05T04:14:49.159Z (about 1 year ago)
- Topics: 2fa, 2factor, cryptography, gnome, gnome-shell, gnome-shell-extension, javascript, otp, otp-generator, otpauth, security, totp
- Language: JavaScript
- Homepage:
- Size: 1.7 MB
- Stars: 13
- Watchers: 1
- Forks: 3
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- License: COPYING
- Authors: AUTHORS
Awesome Lists containing this project
README
TOTP
====
This is a GNOME Shell extension to generate TOTP (Time-based OTP) authentication codes
(such as the ones used by Google, Facebook, Github, Steam, etc).
Security
--------
The OTP secret is stored in the [GNOME
Keyring](https://wiki.gnome.org/Projects/GnomeKeyring), in a separate collection called
"OTP". For improved security, users can lock this collection with its own password.
During normal usage, the extension will load the specific OTP secret (unlocking the
Keyring if necessary), copy the authentication code to the clipboard, and immediately wipe
the OTP secret from memory.
In the preferences window, sensitive data (the "otpauth://" URIs) are automatically
erased from the clipboard after a few seconds (30 by default).
Installing from GNOME Shell Extensions website
----------------------------------------------
The extension can be obtained from the [GNOME Shell Extensions
website](https://extensions.gnome.org/extension/6793/totp/).
Installing from sources
-----------------------
Prerequisites:
- [make](https://www.gnu.org/software/make/)
- [jq](https://stedolan.github.io/jq/)
Run:
make install
Importing and exporting URIs
----------------------------
It's possible to import and export OTP secrets that conform to [Google's Key URI
Format](https://github.com/google/google-authenticator/wiki/Key-Uri-Format). This format
is compatible with applications like Google Authenticator, FreeOTP, Authy, etc.
Scanning QR codes
-----------------
It's possible to scan QR codes from a camera and from the clipboard, if you have the
[ZBar](https://zbar.sourceforge.net/) package installed. In some distros (like Debian and
Ubuntu) the package is named `zbar-tools`.
Exporting QR code
-----------------
It's possible to export the OTP secret as a QR code to be scanned into other devices, if
you have the [qrencode](https://fukuchi.org/works/qrencode/) package installed.
Importing Steam Guard secret
----------------------------
You can generate Steam Guard Mobile Authenticator codes, by importing the "shared secret"
from your Android phone.
See the [Steam Guard](steam.md) document for more details.
Related extensions
------------------
When using this extension on a laptop, it's a good idea to also install [Keyring
Autolock](https://extensions.gnome.org/extension/6846/keyring-autolock/). It will ensure
your Keyring gets locked after a period of time, so you never forget to keep your OTP
secrets protected.