ToolypetMCP
intermediate4 minutessecurity

TOTP Implementation Audit

Audit TOTP 2FA implementation: verify secret generation, code validation, and backup code handling.

totp2faauditauthenticationcompliance

このレシピの使いどころ

Verify your 2FA implementation follows best practices. Test standard and enhanced TOTP configs, ensure backup codes are properly generated and stored.

ステップ

1

TOTP Generator

このツールを試す

Generate standard TOTP

プロンプト:Generate TOTP with SHA-1, 6 digits, 30-second period — the standard Google Authenticator config
2

TOTP Generator

このツールを試す

Generate enhanced TOTP

プロンプト:Generate TOTP with SHA-256, 8 digits, 60-second period — enhanced security variant
3

Secret Generator

このツールを試す

Create backup codes

プロンプト:Generate 10 backup recovery codes (12 characters each, alphanumeric uppercase)
4

Hash Calculator

このツールを試す

Secure backup code storage

プロンプト:Hash each backup code with bcrypt for secure database storage

よくある質問

SHA-1 vs SHA-256 for TOTP — does it matter?

SHA-1 is the standard (RFC 6238) and compatible with all authenticator apps. SHA-256 is more secure but not universally supported. Stick with SHA-1 for compatibility.

How many backup codes should I provide?

8-10 single-use codes. Store hashes only (like passwords). Mark as used after each use. Allow regeneration which invalidates all previous codes.

関連レシピ

Secure Password Workflow

Generate a strong password, verify its strength, and hash it for storage — a complete password security pipeline.

Web Security Header Audit

Audit your website's security headers, generate a CSP policy, evaluate it, and configure CORS.

JWT Authentication Setup

Set up JWT-based authentication: generate tokens, create signing keys, and implement TOTP for 2FA.

API Security Hardening

Harden your API with HMAC request signing, secure secrets, and SRI for client-side integrity.

すべてのレシピに戻る