luzifer/webtotp
1
0
Fork 0
mirror of https://github.com/Luzifer/webtotp.git synced 2024-11-08 07:20:07 +00:00
Code Issues Releases Wiki Activity

Add hint for URL sending

Browse source 
Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
Knut Ahlers 2019-06-02 01:36:07 +02:00
parent 6d60e8d1ba
commit 2e917496d1
Signed by: luzifer
GPG key ID: DC2729FDD34BE99E
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
README.md
View file

@ -4,6 +4,12 @@
My specific usecase for this is I do have accounts which OTP secrets are stored outside of my TOTP generator as usually I don't need to access those accounts and if I would add those secrets to my TOTP generator I would have a lot more entries in it. So I do store the secrets in a safe place and needed a convenient generator to generate single OTP tokens from them.
You can even send the page with the OTP code to someone by appending the secret to the URL in the hash part:
```
https://webtotp.example.com/#mysecret
```
As long as you make sure it is in the hash-part (behind the `#`) the browser will not send the secret to the server but keep it locally in the browser. When sending the URL containing the secret make sure you are using a secured transport like [OTS](https://ots.fyi/) to ensure the chat / email provider is not able to fetch those secrets from the URL.
![](screenshot.png)
## Installation