|Project Name||Stars||Downloads||Repos Using This||Packages Using This||Most Recent Commit||Total Releases||Latest Release||Open Issues||License||Language|
|Glauth||2,083||3||2 days ago||25||July 03, 2023||56||mit||Go|
|A lightweight LDAP server for development, home use, or CI|
|Otp||1,873||340||1,074||15 days ago||7||December 13, 2022||5||apache-2.0||Go|
|TOTP library for Go|
|Google Authenticator Libpam||1,584||11 days ago||1||March 03, 2021||60||apache-2.0||C|
|Rotp||1,524||2,527||63||a month ago||38||December 13, 2022||3||mit||Ruby|
|Ruby One Time Password library|
|Freeotp Android||1,210||7 days ago||121||apache-2.0||Java|
|Otphp||1,139||96||39||2 months ago||52||November 11, 2022||2||mit||PHP|
|:closed_lock_with_key: A PHP library for generating one time passwords according to RFC 4226 (HOTP) and the RFC 6238 (TOTP)|
|Guac Install||859||a month ago||45||Shell|
|Script for installing Guacamole on Ubuntu|
|Arc||735||3 years ago||34||March 12, 2021||4||gpl-3.0||Go|
|A manager for your secrets.|
|One Time Password (HOTP/TOTP) library for Node.js, Deno, Bun and browsers.|
|Node One Time Password library, supports HOTP, TOTP and works with Google Authenticator|
One Time Passwords (OTPs) are an mechanism to improve security over passwords alone. When a Time-based OTP (TOTP) is stored on a user's phone, and combined with something the user knows (Password), you have an easy on-ramp to Multi-factor authentication without adding a dependency on a SMS provider. This Password and TOTP combination is used by many popular websites including Google, GitHub, Facebook, Salesforce and many others.
otp library enables you to easily add TOTPs to your own application, increasing your user's security against mass-password breaches and malware.
Because TOTP is standardized and widely deployed, there are many mobile clients and software implementations.
For an example of a working enrollment work flow, GitHub has documented theirs, but the basics are:
key,_ := totp.Generate(...).
GenerateCodefunction and a counter or
time.Timestruct to generate a valid code compatible with most implementations.
GenerateCodeCustomin either module.
When a user loses access to their TOTP device, they would no longer have access to their account. Because TOTPs are often configured on mobile devices that can be lost, stolen or damaged, this is a common problem. For this reason many providers give their users "backup codes" or "recovery codes". These are a set of one time use codes that can be used instead of the TOTP. These can simply be randomly generated strings that you store in your backend. Github's documentation provides an overview of the user experience.
Please open issues in Github for ideas, bugs, and general thoughts. Pull requests are of course preferred :)
otp is licensed under the Apache License, Version 2.0