

Show HN: TOTP authentication web service - 29J
http://www.totp.me

======
29J
I recently implemented TOTP authentication[1] for a webapp of mine. Then I
decided to extract it into its own web service offering, because I thought it
was one of those things that was easy for people to implement insecurely if
they weren't careful.

This is the V1. I'm trying to get a sense of whether implementing TOTP auth is
a pain point for anyone and to develop this project further.

The way it works is that you redirect your website's users to it for
authentication or master secret provisioning, and it redirects them back to
you with a pass/fail response when done.

[1] http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm

~~~
ctime
Why don't you open source the code instead? Then sell it as a service that you
support.

------
ClassicFarris
Is there a demo (or video) of how your TOTP service would work? I'm having a
difficult time visualizing the flow and requirements.

~~~
29J
Yes, under the fourth tab on the website.

------
akerl_
Is there a description somewhere for how they're handling the security of
secret keys on their end?

Also, it looks like the libraries are only offered as tarballs and are being
served over HTTP?

