Two-Factor Auth Guide

TOTP vs HOTP

FeatureTOTPHOTP
StandardRFC 6238RFC 4226
BasisTime (30s window)Counter
Use CaseGoogle Auth, AuthyHardware tokens
Expiry30sUntil used

Implementation Examples

npm install otplib const { authenticator } = require('otplib'); // Generate secret const secret = authenticator.generateSecret(); console.log('Secret:', secret); // Generate OTP URL for QR code const otpauth = authenticator.keyuri('[email protected]', 'MyApp', secret); // Verify token const token = authenticator.generate(secret); const isValid = authenticator.verify({ token, secret });
pip install pyotp qrcode import pyotp, qrcode # Generate secret secret = pyotp.random_base32() # TOTP totp = pyotp.TOTP(secret) print(totp.now()) # Current code print(totp.verify('123456')) # Verify # QR code URL uri = totp.provisioning_uri("[email protected]", issuer_name="MyApp")
go get github.com/pquerna/otp/totp import "github.com/pquerna/otp/totp" // Generate key key, _ := totp.Generate(totp.GenerateOpts{ Issuer: "MyApp", AccountName: "[email protected]", }) // Validate code valid := totp.Validate(code, key.Secret())

QR Code otpauth:// Format

otpauth://totp/LABEL?secret=SECRET&issuer=ISSUER&algorithm=SHA1&digits=6&period=30
ParameterDescription
secretBase32 encoded shared secret
algorithmSHA1 (default), SHA256, SHA512
digits6 or 8
period30s (default)

Outils associés

🔒 MD5 Hash Generate MD5 hash of text 🔒 SHA1 Hash Generate SHA1 hash of text 🔒 SHA256 Hash Generate SHA256 hash of text 🔒 SHA512 Hash Generate SHA512 hash of text 🔒 SHA3 Hash Generate SHA3-256 hash of text 🔑 HMAC Generator Generate HMAC auth codes with key 🔑 Bcrypt Hash Generate and verify bcrypt hashes 🔐 AES Encrypt/Decrypt AES symmetric encrypt and decrypt 🎲 UUID Generator Generate v1/v4/v5 standard UUIDs 🎲 ULID Generator Generate sortable ULID identifiers 🎲 Nano ID Generator Generate compact random string IDs 🔑 Password Generator Generate secure random passwords