Browser extension to generate secure random passwords and QR codes.
Note
SMS verification is one of the weakest methods for two-factor authentication (2FA). 1 2
If possible, use a 📱software-based authenticator3, and disable other 2FA alternatives.
Visit CRX Viewer, and paste the extension's URL to view the source code from the web store.
The source code is fully readable, it is not minified nor obfuscated, so that you can easily inspect it.
If you are concerned about automatic updates, load the extension directly from the source code.
File | Author | Description |
---|---|---|
otp2fa.js |
@flipeador | One-time password implementation. |
qrcode.js |
@davidshimjs | QR code generator for the browser. |
Users can quickly generate cryptographically secure random passwords with customizable options when creating new accounts
or updating existing passwords, ensuring better protection against hacking attempts.
The password can be copied to the clipboard with a single click, or just press the Use
button and let the extension
automatically fill in the password field(s).
Each time an option is modified, it is saved in the session storage.
Items in the session storage area are stored in-memory and will not be persisted to disk.
Click the Save options
button to save the options in the local storage.
Items in the local storage area stored locally and cleared when the extension is removed.
The password
input field is never stored in the local storage.
The UI and functionality is inspired by @mar-kolya\secure-password-generator
.
Users can instantly create QR codes for text or authentication information given a issuer
, label
and secret
value.
Example: A user wants to enable 2FA with an authentication app on their smartphone. They can generate a custom QR code using the base32 encoded secret key displayed on the website. This is helpful when the default QR code provided doesn't meet the user's preferences, and the authentication app does not allow its modification.
otpauth://totp/ISSUER:LABEL?secret=SECRET&issuer=ISSUER
- If the
issuer
orlabel
fields are empty, generates a QR code just for the text in thesecret
input field. - If
label
is an email andsecret
is empty, gets the Gravatar profile image for the email address using sha256. - If all fields are provided, generates a QR code using the
otpauth://totp/
URI scheme, for your 2FA auth app. - If the
secret
field is a valid base32 string, generates a TOTP 6-digit passcode for the current time (SHA-1, 30s).
The QR code input fields are never stored in the local storage.
The unpacked extension can be loaded directly from the source code.
- Open the Extensions page by navigating to
chrome://extensions
in a new tab. - Enable the Developer Mode by clicking the toggle switch next to
Developer mode
. - Click the Load unpacked button and select the
extension
directory.
- Open the This Firefox page by navigating to
about:debugging#/runtime/this-firefox
. - Click the
Load Temporary Add-on
button, and select any file in theextension
directory. - The extension now installs, and remains installed until you restart the browser.
This project is licensed under the GNU General Public License v3.0. See the license file for details.