Two-Factor Authentication Setup
Implement TOTP-based 2FA with secret generation, QR code URI, and backup codes.
Quando usar esta receita
Add an extra security layer to your application. TOTP-based 2FA is used by Google Authenticator, Authy, and other apps. Backup codes ensure users aren't locked out.
Etapas
TOTP Generator
Experimente esta ferramenta →Create the TOTP secret and QR URI
Secret Generator
Experimente esta ferramenta →Create recovery backup codes
Hash Calculator
Experimente esta ferramenta →Hash backup codes before storing
Perguntas frequentes
TOTP vs SMS for 2FA — which is better?
TOTP is significantly more secure. SMS is vulnerable to SIM swapping and interception attacks. NIST recommends against SMS-based 2FA for sensitive applications.
How should I store TOTP secrets?
Encrypt TOTP secrets at rest using AES-256. They must be recoverable (unlike passwords which are hashed one-way) because the server needs the secret to verify codes.
Receitas relacionadas
Secure Password Workflow
Generate a strong password, verify its strength, and hash it for storage — a complete password security pipeline.
Web Security Header Audit
Audit your website's security headers, generate a CSP policy, evaluate it, and configure CORS.
JWT Authentication Setup
Set up JWT-based authentication: generate tokens, create signing keys, and implement TOTP for 2FA.
API Security Hardening
Harden your API with HMAC request signing, secure secrets, and SRI for client-side integrity.