Show HN: TOTP authentication web service

Show HN: TOTP authentication web service(totp.me)

10 points by 29J 11 years ago | 5 comments

29J 11 years ago |

I recently implemented TOTP authentication[1] for a webapp of mine. Then I decided to extract it into its own web service offering, because I thought it was one of those things that was easy for people to implement insecurely if they weren't careful.

This is the V1. I'm trying to get a sense of whether implementing TOTP auth is a pain point for anyone and to develop this project further.

The way it works is that you redirect your website's users to it for authentication or master secret provisioning, and it redirects them back to you with a pass/fail response when done.

[1] http://en.wikipedia.org/wiki/Time-based_One-time_Password_Al...

ctime 11 years ago | |

Why don't you open source the code instead? Then sell it as a service that you support.

ClassicFarris 11 years ago |

Is there a demo (or video) of how your TOTP service would work? I'm having a difficult time visualizing the flow and requirements.

29J 11 years ago | |

Yes, under the fourth tab on the website.

akerl_ 11 years ago |

Is there a description somewhere for how they're handling the security of secret keys on their end?

Also, it looks like the libraries are only offered as tarballs and are being served over HTTP?