Open Two Factor Authenticator An open-source two-factor authenticator that can be synchronized
Support Development
PayPal ● 
Bitcoin Address: bc1qh7juzrxrawpr65elm4qs285m5rdhnhgsn7h2jf
Lightning Address: [email protected]
Your Input Matters
The "Open Two-Factor Authenticator" extension is an open-source two-factor authenticator for browsers and smartphones, providing a secure yet synchronizable solution. Your encryption keys are safely stored within your browser storage (version 0.2.x) or a designated local directory (version 0.1.x), allowing seamless synchronization across numerous devices with the standard synchronization process. These local key files are subjected to SHA-256 encryption, safeguarding their contents. The secret code only be accessed by using the master password. Neither the browser nor external software can decipher them independently.



  1. What is Open Two-Factor Authenticator extension and how does it work?

    The 'Open Two-Factor Authenticator" extension generates one-time tokens necessary for web services demanding two-factor authentication (2FA). Once installed, access the user interface (UI) to designate a master password for your encryption keys. In version 0.1.x, the option exists to specify a destination local directory for storing keys. This directory becomes accessible to all instances of the application, thus enabling synchronization capabilities between them. In version 0.2.x, all confidential data is securely stored within the browser's storage space, ensuring synchronization across all logged-in devices.

    Remember, the master password remains the sole means for decrypting the files. If this password is forgotten, there will be no method to decrypt the files and have access to the 2FA codes. Upon logging in, a plus button will be visible on the top right side of the interface. Press this button whenever you wish to include a new token in the repository. Typically, web services provide a QR code instead of directly issuing the token string. Employ the "Scan a QR code" button to decode the image and save it to the internal storage.

    A fresh entry will appear in the main interface by adding a token to the repository. By selecting this entry, a one-time token will be generated, ready for use as a means of logging into the respective provider's web service.

  2. Why can I no longer view my credentials after transitioning to version 0.2.x?

    The shift to version 0.2.x involves a change in how your data is stored. In the previous 0.1.x version, a local directory was used to store your secure files in *.bin format (binary data represented in a text file). However, with the introduction of the 0.2.x version, a different approach is taken – it employs the synchronized storage of your browser. Consequently, the 0.2.x version no longer has access to the old local directory. You can still access your old encrypted data despite the storage change in this new version. Just use the "Plus" button and follow the provided importing instructions. It's important to note that to maintain storage synchronization with version 0.2.x, you'll need to ensure that your browser is synchronized across all needed devices.

  3. Could you explain the concept of two-factor authentication?

    Two-factor authentication, often abbreviated as 2FA or referred to as 2-Step Verification, offers a method for user identification that involves the use of two distinct components. These components might consist of something the user is aware of, something the user possesses, or something inherently linked to the user. The correct conjunction of a password and a personal identification number (PIN) is essential for ensuring secure access to web services. This approach falls under the category of multi-factor authentication.

  4. How can I activate the two-factor authentication on services like Google, Microsoft, and Evernote?

    To enable two-factor authentication on Google, please access

    For Microsoft accounts, follow the guidelines at

    For your Evernote account, refer to this blog post.

    If you're interested in setting up two-factor authentication on other services, conduct a search using the term "two-factor authentication" along with the name of the particular service.

  5. How secure is the "Open Two-Factor Authenticator" extension?

    Open Two-Factor Authenticator employs the AES-CBC algorithm to encrypt your secret key and additional information. This resulting binary string is subsequently stored locally in a plain text format (post base64 encoding). Through this approach, all your authentication details are stored on your device and remain accessible across multiple devices, all while maintaining the security of your credentials.

  6. (version 0.2.x) How can I synchronize the extension's tokens across different devices?

    To achieve synchronization, ensure you use the same browser on all devices requiring the 2FA token generation. Your browser is responsible for automatically synchronizing the storage. After logging in, patiently await the completion of the synchronization process before accessing the user interface.

  7. (version 0.1.x) What's the procedure for synchronizing multiple instances of Open Two-Factor Authenticator?

    Following the initial setup, locate the "Custom Repository" button. Click on it and direct the application to the folder including your stored credentials. When Open Two-Factor Authenticator identifies at least one encrypted file within the designated directory, the user interface shifts from registration to login mode. This alteration allows you to input your previous passkey, granting you access to the token.

  8. What can I do if I cannot recall my master passkey?

    There exist no viable means to retrieve your credentials if the master password slip from memory. It is strongly advised to generate backup codes. These codes facilitate logging into the web service and obtaining a fresh QR code. For instance for Google, to generate backup codes, visit

  9. What does happen if I enter a wrong master password?

    Nothing bad happens. However, the accounts you added will no longer be visible in the token window. Interestingly, you can use multiple master passwords for a single repository. Consequently, only those accounts that are successfully decrypted using the specific master password will be displayed after logging in.

  10. Will the "Open Two-Factor Authenticator" extension retain my master password?

    No, your master password will not be stored. On the 0.2.x version, the extension forgets the password when you close the popup interface. On the 0.1.x version, the extension deletes the password after 5 minutes of inactivity.

  11. Why are my accounts no longer visible after inputting the master password?

    This issue arises when an incorrect master password is used. To resolve this, close the application (or use the "Exit" button), then reopen it and input the master password once again.

  12. (version 0.1.x) What's the process for synchronizing "Open Two-Factor Authenticator" on Firefox for Android with the desktop edition?

    To accomplish this, you require a file synchronization tool that supports offline syncing on mobile devices. First, copy all your credentials from the initial directory and paste them into the directory designated for syncing. Following this, configure both instances of Open Two-Factor Authenticator to utilize this synchronized directory. You can, for instance, use the "Syncthing" peer-to-peer file synchronization application that supports Android and Desktop operating systems.

Matched Content


Please keep reviews clean, avoid improper language, and do not post any personal information. Also, please consider sharing your valuable input on the official store.

What's new in this version

Change Logs:
    Last 10 commits on GitHub
    Hover over a node to see more details

    Need help?

    If you have questions about the extension, or ideas on how to improve it, please post them on the  support site. Don't forget to search through the bug reports first as most likely your question/bug report has already been reported or there is a workaround posted for it.

    Open IssuesIssuesForks

    Editorial Review

    An increasing number of activities today rely on web based services. From shopping to education, web based products and services are taking the leading role in providing what consumers need, when they need it. One of the most important challenges when it comes to such services is security, particularly in regards to authorized access. While most major websites use verified and secure services, there is always the chance of unauthorized access that must be eliminated in order to maintain and control proper access to products. Part of this process is two-factor authentication. Also referred to as 2FA or 2-Step Verification, this process involves proving or verifying the identity of users by combining 2 separate components. These components may be information or a key that the user knows or possesses. Only the correct combination of both components at the same time allows access to a secure web session. Having its origins in the security concept of multi-factor authentication, 2FA relies on encrypting key files that store personal or identifying data.

    Open Two Factor Authenticator is a one time token generator that manages web access for secure services such as payments and other personal services (such as Google, Microsoft, or Amazon). It works by using a master password and specific keys to control access of external applications to your personal data. All of your personal data, along with other information that you choose, is securely kept in a local directory. In order to prevent any unauthorized access, the master password cannot be reset. You can also sync all the encrypted secure keys to work with your accounts on different devices.

    Here are some of the unique built in features available with Open Two Factor Authenticator to make your web browsing experience more secure:

    An added feature of Open Two Factor Authenticator is that it can be synced to manage multiple instances or multiple user sessions at the same time, without having to log out of all services and log back in again.
 You can also use a file syncing software to use Open Two Factor Authenticator on mobile devices.
 Please note that the master password cannot be reset, and the developer recommends keeping original QR codes in a safe place so that you can access them later. Users are also asked to generate one-time keys when the two factor authentication process is enabled in web services.

    Recent Blog Posts