TOTP Implementation Audit
Audit TOTP 2FA implementation: verify secret generation, code validation, and backup code handling.
When to use this recipe
Use this recipe to verify that your 2FA implementation follows best practices: test standard and enhanced TOTP configurations, and ensure backup codes are properly generated and stored.
Steps
1. Generate standard TOTP (TOTP Generator)
2. Generate enhanced TOTP (TOTP Generator)
3. Create backup codes (Secret Generator)
4. Secure backup code storage (Hash Calculator)
Frequently asked questions
SHA-1 vs SHA-256 for TOTP — does it matter?
SHA-1 is the standard (RFC 6238) and compatible with all authenticator apps. SHA-256 is more secure but not universally supported. Stick with SHA-1 for compatibility.
How many backup codes should I provide?
Provide 8-10 single-use codes. Store only their hashes (as with passwords). Mark each code as used once it has been redeemed. Allow regeneration, which invalidates all previous codes.
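The backup-code handling described in the answer above, as an added example that is not part of the original page: it issues 10 single-use codes, keeps only salted PBKDF2 hashes, marks a code as used on redemption, and invalidates the whole batch on regeneration. The class name, code format, in-memory storage and PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed code alphabet: no 0/O or 1/I look-alikes, 5 bits per character.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"


class BackupCodeStore:
    """In-memory stand-in for one user's backup-code rows (hypothetical)."""

    def __init__(self, iterations=600_000):
        self.iterations = iterations  # PBKDF2 work factor (assumed value)
        self.salt = b""
        self.codes = {}  # stored hash -> used flag; plaintext is never kept

    def _hash(self, code):
        # Normalise what the user typed: drop separators, ignore case.
        norm = code.replace("-", "").replace(" ", "").upper()
        return hashlib.pbkdf2_hmac(
            "sha256", norm.encode(), self.salt, self.iterations
        )

    def regenerate(self, count=10):
        """Issue a fresh batch; every earlier code stops working."""
        self.salt = secrets.token_bytes(16)
        raw = [
            "".join(secrets.choice(ALPHABET) for _ in range(10))
            for _ in range(count)
        ]
        self.codes = {self._hash(c): False for c in raw}
        # Plaintext codes are returned once, for display to the user only.
        return [f"{c[:5]}-{c[5:]}" for c in raw]

    def redeem(self, code):
        """Return True once per valid code, then mark that code as used."""
        digest = self._hash(code)
        match = None
        for stored, used in self.codes.items():
            # Constant-time comparison against every stored hash.
            if hmac.compare_digest(stored, digest) and not used:
                match = stored
        if match is None:
            return False
        self.codes[match] = True
        return True
```

In a real deployment the hash rows and used flags would live in the user database, and failed redemption attempts would be rate-limited like failed TOTP attempts.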