Two-Factor Authentication Setup
Implement TOTP-based 2FA with secret generation, QR code URI, and backup codes.
When to use this recipe
Add an extra security layer to your application. TOTP-based 2FA is used by Google Authenticator, Authy, and other apps. Backup codes ensure users aren't locked out.
Steps
TOTP Generator: Create the TOTP secret and QR URI
Secret Generator: Create recovery backup codes
Hash Calculator: Hash backup codes before storing
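The three steps above as a single added Python example (not this site's tools or code): it generates the secret and the otpauth:// URI, verifies a code with a one-step drift window, and issues single-use backup codes of which only the hashes are stored. The function names, the account "alice@example.com" and the issuer "ExampleApp" are assumptions for illustration.

```python
import base64, hashlib, hmac, secrets, struct, time
from urllib.parse import quote, urlencode

def new_totp_secret(nbytes=20):
    """Random 160-bit secret, base32-encoded for authenticator apps."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode()

def provisioning_uri(secret_b32, account, issuer):
    """otpauth:// URI that is rendered as the enrolment QR code."""
    params = urlencode({"secret": secret_b32, "issuer": issuer,
                        "algorithm": "SHA1", "digits": 6, "period": 30})
    return f"otpauth://totp/{quote(issuer + ':' + account, safe='')}?{params}"

def totp(secret_b32, at, digits=6, period=30):
    """RFC 6238 code (HMAC-SHA1) for Unix time `at`."""
    counter = struct.pack(">Q", int(at) // period)
    mac = hmac.new(base64.b32decode(secret_b32), counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret_b32, code, at=None, window=1, period=30):
    """Accept the current time step plus `window` steps either side (clock drift)."""
    at = time.time() if at is None else at
    return any(hmac.compare_digest(
                   totp(secret_b32, at + i * period, period=period).encode(),
                   code.encode())
               for i in range(-window, window + 1))

def new_backup_codes(count=10):
    """Return (plaintext codes shown once to the user, hashes to store)."""
    codes = [secrets.token_hex(10) for _ in range(count)]  # 80 random bits each
    return codes, {_digest(c) for c in codes}

def _digest(code):
    # Codes are high-entropy random values, so a fast hash suffices (unlike passwords).
    return hashlib.sha256(code.strip().lower().encode()).hexdigest()

def redeem_backup_code(stored_hashes, code):
    """Single use: a matching hash is removed as soon as it is redeemed."""
    digest = _digest(code)
    if digest in stored_hashes:
        stored_hashes.remove(digest)
        return True
    return False

if __name__ == "__main__":
    secret = new_totp_secret()  # sample enrolment with constructed account/issuer
    print(provisioning_uri(secret, "alice@example.com", "ExampleApp"))
    print(verify_totp(secret, totp(secret, time.time())))
```

In a real deployment the server should also record the last accepted time step per user so that a code cannot be replayed within its validity window.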
Frequently asked questions
TOTP vs SMS for 2FA — which is better?
TOTP is significantly more secure. SMS is vulnerable to SIM swapping and interception attacks. NIST recommends against SMS-based 2FA for sensitive applications.
How should I store TOTP secrets?
Encrypt TOTP secrets at rest using AES-256. They must be recoverable (unlike passwords which are hashed one-way) because the server needs the secret to verify codes.
Related recipes
Secure Password Workflow
Generate a strong password, verify its strength, and hash it for storage — a complete password security pipeline.
Web Security Header Audit
Audit your website's security headers, generate a CSP policy, evaluate it, and configure CORS.
JWT Authentication Setup
Set up JWT-based authentication: generate tokens, create signing keys, and implement TOTP for 2FA.
API Security Hardening
Harden your API with HMAC request signing, secure secrets, and SRI for client-side integrity.