
HTML5 Google Authenticator - willfarrell
https://github.com/gbraad/html5-google-authenticator
======
Sami_Lehtinen
I were planning to make one. But then I found this. Afaik, many apps should be
made using html. Btw. I would like to see TOTP mentioned instead of
Google/Gauth. But I assume Google something is much cooler than anything else.
See: [https://en.wikipedia.org/wiki/Time-based_One-
time_Password_A...](https://en.wikipedia.org/wiki/Time-based_One-
time_Password_Algorithm) \- So it's generic TOTP implementation, not
Google(only) Authentication app trusting Google infrastructure. Also, there
might be local storage security issues with HTML5 apps, but I'm not expert in
that field.

~~~
gbraad
Recently also Dropbox started to use the same TOTP implementation for securing
with a two-factor auth. I have used the name G since they wrote the
specification and at the time of this implementation, they were the only user.

I wrote the application so I would be able to use 2FA on my 'aging' MeeGo
phone, the N9. No tools were available and implementing it with web
technologies would allow me to port it easily to a desktop environment, an
extension, etc.

------
josteink
I was wondering what I'd use this for (either as an end-user or as a
developer), when I found that people actually use their google-account for
two-factor authentication for their _SSH accounts_.

You know what? I don't trust Google enough to allow them to lock me out of my
own systems, and I'm surprised other obviously technologically inclined people
do.

~~~
icebraining
Google Authenticator is just a client for the open OATH protocol. It doesn't
rely on Google at all - there's no network connection, it's just a number
being calculated from a seed + the current time.

~~~
darklajid
Nitpicking: '... or a counter on the token/device'.

As far as I know Google Authenticator allows both time and counter based
accounts. Not that it changes anything regarding the GP's misconception about
accessing external services.

------
tlrobinson
So presumably it's compatible with any RFC 4226 / HOPT
(<https://tools.ietf.org/html/rfc4226> <http://en.wikipedia.org/wiki/HOTP>)
implementation?

~~~
gbraad
Yes, and has been tested to work with Dropbox, Amazon, Dreamhost, Google,
since they use different length of secrets.

------
zacharyvoase
At what point will we be dropping the '5' and just referring to it as 'HTML'?

~~~
skeletonjelly
Should follow Apple's lead and call the next spec The New HTML

~~~
mparlane
Followed closely by:

The New HTML 1.1

------
gbraad
You can open it online from: <http://gauth.apps.gbraad.nl/>

Or install it as an application from:
<https://build.phonegap.com/apps/135419/>

Chrome extension:
[https://chrome.google.com/webstore/detail/ilgcnhelpchnceeipi...](https://chrome.google.com/webstore/detail/ilgcnhelpchnceeipipijaljkblbcobl?utm_source=chrome-
ntp-icon)

And for those using FirefoxOS: <https://marketplace.mozilla.org/app/gauth-
authenticator/>

------
fr33104d
I've made a simple example hotp/totp implementation
(<https://github.com/bjornua/totp.py/blob/master/totp.py>) in Python 3 for
anyone interested.

------
zobzu
That's really cool for new mobile OSes. Time to "port" to Firefox OS ;)

------
abrowne
Great! This is a must-have app that I wasn't sure Firefox OS would have right
away.

