Add hint for URL sending

Signed-off-by: Knut Ahlers <knut@ahlers.me>
2024-09-16 14:58:28 +00:00 · 2019-06-02 01:36:07 +02:00 · 2019-06-02 01:36:07 +02:00 · 2e917496d1
commit 2e917496d1
parent 6d60e8d1ba
1 changed files with 6 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -4,6 +4,12 @@

 My specific usecase for this is I do have accounts which OTP secrets are stored outside of my TOTP generator as usually I don't need to access those accounts and if I would add those secrets to my TOTP generator I would have a lot more entries in it. So I do store the secrets in a safe place and needed a convenient generator to generate single OTP tokens from them.

+You can even send the page with the OTP code to someone by appending the secret to the URL in the hash part:
+```
+https://webtotp.example.com/#mysecret
+```
+As long as you make sure it is in the hash-part (behind the `#`) the browser will not send the secret to the server but keep it locally in the browser. When sending the URL containing the secret make sure you are using a secured transport like [OTS](https://ots.fyi/) to ensure the chat / email provider is not able to fetch those secrets from the URL.
+
 ![](screenshot.png)

 ## Installation