Two-Factor Authentication Setup
Implement TOTP-based 2FA with secret generation, QR code URI, and backup codes.
이 레시피 활용 시점
Add an extra security layer to your application. TOTP-based 2FA is used by Google Authenticator, Authy, and other apps. Backup codes ensure users aren't locked out.
단계
TOTP Generator
이 도구 사용해보기 →Create the TOTP secret and QR URI
Secret Generator
이 도구 사용해보기 →Create recovery backup codes
Hash Calculator
이 도구 사용해보기 →Hash backup codes before storing
자주 묻는 질문
TOTP vs SMS for 2FA — which is better?
TOTP is significantly more secure. SMS is vulnerable to SIM swapping and interception attacks. NIST recommends against SMS-based 2FA for sensitive applications.
How should I store TOTP secrets?
Encrypt TOTP secrets at rest using AES-256. They must be recoverable (unlike passwords which are hashed one-way) because the server needs the secret to verify codes.
관련 레시피
Secure Password Workflow
Generate a strong password, verify its strength, and hash it for storage — a complete password security pipeline.
Web Security Header Audit
Audit your website's security headers, generate a CSP policy, evaluate it, and configure CORS.
JWT Authentication Setup
Set up JWT-based authentication: generate tokens, create signing keys, and implement TOTP for 2FA.
API Security Hardening
Harden your API with HMAC request signing, secure secrets, and SRI for client-side integrity.