FreeOTP is a two-factor authentication application for systems utilizing one-time password protocols

Related tags

App freeotp-android
Overview

Build Status

FreeOTP

FreeOTP is a two-factor authentication application for systems utilizing one-time password protocols. Tokens can be added easily by scanning a QR code.

FreeOTP implements open standards:

  • HOTP (HMAC-Based One-Time Password Algorithm) RFC 4226
  • TOTP (Time-Based One-Time Password Algorithm) RFC 6238

This means that no proprietary server-side component is necessary: use any server-side component that implements these standards.

Download FreeOTP for Android

Contributing

Pull requests on GitHub are welcome under the Apache 2.0 license, see COPYING.

Permissions

The FreeOTP app uses the following permissions

Permission Usage Required Permission type
Camera Recognition of QR codes No Dangerous
Internet Token image provisioning No Normal
Comments
  • Custom icons are not persistent

    Custom icons are not persistent

    Reported by flasheater on 12 Dec 2014 23:48 UTC Possibly related to #32.

    1. Set custom Icon using the Google Photos app
    2. Switch to another app and switch back Icon is now back to default.

    Android Cyanogenmod 11 Nexus 5

    opened by npmccallum 17
  • Remove unnecessary permissions

    Remove unnecessary permissions

    Reported by dbrgn on 14 Jun 2016 12:15 UTC The INTERNET and READ_EXTERNAL_STORAGE permissions seem to be unused. They should be removed.

    Patch is attached. Alternatively, you can pull from my fork:

    $ git remote add dbrgn https://github.com/dbrgn/freeotp $ git pull dbrgn/master

    (I know people that did not want to use FreeOTP because it used the internet permission.)

    opened by npmccallum 14
  • Data should be encrypted

    Data should be encrypted

    Reported by simo on 12 Dec 2013 16:21 UTC Application data can be accessed on rooted devices or by getting access to backups (esp. on the cloud), it should be possible (and actually encouraged by a setup wizard on app. startup) to encrypt the data store, and decrypt it at application statrup via password/pin/gesture/biometrics/whatever :)

    opened by npmccallum 12
  • Development

    Development

    Hello

    Is this app still under development?

    F-Droid says that it has "a known vulnerability". And I am wondering what that might be.

    Thanks for that amazing app!

    opened by amilopowers 10
  • Is FreeOTP dead/abandoned?

    Is FreeOTP dead/abandoned?

    Looking at the android store listing and the issues here, the app hasn't been updated in like 4 years and lots of people claim development has been abandoned. However, the renaissance project appears to be active and it looks like someone made a new commit only a couple of months ago.

    TL;DR: What is the current status of development on this app?

    question 
    opened by Hime0698 7
  • fix(image-picker): save images in storage

    fix(image-picker): save images in storage

    downloads images from the internet or saves the images you selected in the application itself based on and replaces PR 83

    Fixes #32 Fixes #39 Fixes #51 Fixes #83 Fixes #87 Fixes #104

    opened by max-wittig 7
  • Adds an offset functionality

    Adds an offset functionality

    Some people like to have their phone's time configured ahead of the actual time. That's why this contribution allows to define the time offset. It's kind of like travelling in time ;)

    The icon is taken from Google's Material Design Icons library [1] and is itself licensed under Apache License [2], so this should not become a problem I hope.

    [1] https://github.com/google/material-design-icons [2] https://github.com/google/material-design-icons/blob/68e015dbbb6b730b5fe4934e8507cd5a465c8a3d/LICENSE

    opened by cimnine 7
  • Unable to manually enter otpauth:// URL

    Unable to manually enter otpauth:// URL

    I have a phone with a broken camera, so QR codes are not easily available for it. I noticed that if you manually enter an otpauth:// URI to get it to load it in FreeOTP it does not bounce over to the app as you would expect. Can it register itself as a handler for those URIs so manual entry or copy/paste would work?

    opened by rmonk 6
  • Suggestion for future proofing - Steam Guard

    Suggestion for future proofing - Steam Guard

    So lemme preface this by saying that I really don't know the inner workings of 2 Factor Authentication. However, I do know is that getting a 5 alphanumeric character code is possible, which is what steam uses. See: https://github.com/winauth/winauth

    I'm not having much luck finding an android app that does both alphanumeric and up to 8 digits. I would love to make the switch from Authy and Steam Guard to just Freeotp.

    To find your steam secret from your android device install and setup steam guard and edit: /data/data/com.valvesoftware.android.steam.community/files/SteamGuard-InsertCharactersHere

    opened by Keaft 6
  • Crash at startup on Lollipop:  the key must be an application-specific resource id

    Crash at startup on Lollipop: the key must be an application-specific resource id

    Reported by anisse on 21 Nov 2014 10:25 UTC The app crashes on Lollipop on start. Here is the logcat:

    I/ActivityManager( 749): START u0 {act=android.intent.action.MAIN cat=[flg=0x10200000 cmp=org.fedorahosted.freeotp/.MainActivity bnds=276,871[540,1167](has extras)} from uid 10022 on display 0 I/ActivityManager( 749): Start proc org.fedorahosted.freeotp for activity org.fedorahosted.freeotp/.MainActivity: pid=7785 uid=10131 gids={50131, 9997, 3003, 1028} abi=armeabi-v7a D/OpenGLRenderer( 7785): Render dirty regions requested: true D/Atlas ( 7785): Validating map... D/AndroidRuntime( 7785): Shutting down VM E/AndroidRuntime( 7785): FATAL EXCEPTION: main E/AndroidRuntime( 7785): Process: org.fedorahosted.freeotp, PID: 7785 E/AndroidRuntime( 7785): java.lang.IllegalArgumentException: The key must be an application-specific resource id. E/AndroidRuntime( 7785): at android.view.View.setTag(View.java:17185) E/AndroidRuntime( 7785): at org.fedorahosted.freeotp.BaseReorderableAdapter.getView(BaseReorderableAdapter.java:101) E/AndroidRuntime( 7785): at android.widget.AbsListView.obtainView(AbsListView.java:2344) E/AndroidRuntime( 7785): at android.widget.GridView.onMeasure(GridView.java:1060) E/AndroidRuntime( 7785): at android.view.View.measure(View.java:17430) E/AndroidRuntime( 7785): at android.widget.LinearLayout.measureVertical(LinearLayout.java:875) E/AndroidRuntime( 7785): at android.widget.LinearLayout.onMeasure(LinearLayout.java:613) E/AndroidRuntime( 7785): at android.view.View.measure(View.java:17430) E/AndroidRuntime( 7785): at android.view.ViewGroup.measureChildWithMargins(ViewGroup.java:5463) E/AndroidRuntime( 7785): at android.widget.FrameLayout.onMeasure(FrameLayout.java:430) E/AndroidRuntime( 7785): at android.view.View.measure(View.java:17430) E/AndroidRuntime( 7785): at android.view.ViewGroup.measureChildWithMargins(ViewGroup.java:5463) E/AndroidRuntime( 7785): at com.android.internal.widget.ActionBarOverlayLayout.onMeasure(ActionBarOverlayLayout.java:447) E/AndroidRuntime( 7785): at android.view.View.measure(View.java:17430) E/AndroidRuntime( 7785): at android.view.ViewGroup.measureChildWithMargins(ViewGroup.java:5463) E/AndroidRuntime( 7785): at android.widget.FrameLayout.onMeasure(FrameLayout.java:430) E/AndroidRuntime( 7785): at com.android.internal.policy.impl.PhoneWindow$DecorView.onMeasure(PhoneWindow.java:2560) E/AndroidRuntime( 7785): at android.view.View.measure(View.java:17430) E/AndroidRuntime( 7785): at android.view.ViewRootImpl.performMeasure(ViewRootImpl.java:2001) E/AndroidRuntime( 7785): at android.view.ViewRootImpl.measureHierarchy(ViewRootImpl.java:1166) E/AndroidRuntime( 7785): at android.view.ViewRootImpl.performTraversals(ViewRootImpl.java:1372) E/AndroidRuntime( 7785): at android.view.ViewRootImpl.doTraversal(ViewRootImpl.java:1054) E/AndroidRuntime( 7785): at android.view.ViewRootImpl$TraversalRunnable.run(ViewRootImpl.java:5779) E/AndroidRuntime( 7785): at android.view.Choreographer$CallbackRecord.run(Choreographer.java:767) E/AndroidRuntime( 7785): at android.view.Choreographer.doCallbacks(Choreographer.java:580) E/AndroidRuntime( 7785): at android.view.Choreographer.doFrame(Choreographer.java:550) E/AndroidRuntime( 7785): at android.view.Choreographer$FrameDisplayEventReceiver.run(Choreographer.java:753) E/AndroidRuntime( 7785): at android.os.Handler.handleCallback(Handler.java:739) E/AndroidRuntime( 7785): at android.os.Handler.dispatchMessage(Handler.java:95) E/AndroidRuntime( 7785): at android.os.Looper.loop(Looper.java:135) E/AndroidRuntime( 7785): at android.app.ActivityThread.main(ActivityThread.java:5221) E/AndroidRuntime( 7785): at java.lang.reflect.Method.invoke(Native Method) E/AndroidRuntime( 7785): at java.lang.reflect.Method.invoke(Method.java:372) E/AndroidRuntime( 7785): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:899) E/AndroidRuntime( 7785): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:694) W/ActivityManager( 749): Force finishing activity org.fedorahosted.freeotp/.MainActivity

    I might have reordered my OTPs.

    Looking at the documentation of setView, it seems FreeOTP is doing something wrong: https://developer.android.com/reference/android/view/View.html#setTag%28int,%20java.lang.Object%29 Indeed, the key argument should be declared in the resources, but this is not the case here: L33: private static final int KEY = BaseReorderableAdapter.class.hashCode();

    It might also be related to ART, but I don't know.

    Regards,

    Anisse

    opened by npmccallum 6
  • FreeOTP crashes when scanning a code that has no label and no issuer.

    FreeOTP crashes when scanning a code that has no label and no issuer.

    This is possibly related to issue #172.

    I inadvertently created a QR code with no label and no issuer. This code crashes FreeOTP when scanned. The value of the code is as follows:

    otpauth://totp/%3A?issuer=&secret=TEST

    freeotp_crash

    bug 
    opened by AlexHowansky 5
  • Token font size

    Token font size

    On larger mobile devices the Token font scales quite large and can be viewed by others from quite some distance. Please consider adding a configurable Token display size option.

    opened by jpopovitch 0
  • 2.0 Missing name/service information of the keys

    2.0 Missing name/service information of the keys

    1. Seems like a critical bug: on 2.0 the UI doesn't show names for most of the keys, so I can not determine which OTP belongs to which service. Having dozens of keys this makes the app unusable.

    2. Is there a way to switch back to the previous version for now or to export raw secrets from the app?

    Photo on 09 01 2023 at 21 36

    (Sorry for the quality of the pic, the app doesn't allow to make screenshots)

    opened by vacavaca 6
  • Please add more details on

    Please add more details on "Token is unsafe!" message

    When scanning a QR code from Microsoft's mfasetup on https://aka.ms/mfasetup, I get this warning:

    Token is unsafe!

    The token you are attempting to add contains weak cryptographic parameters. Use of this token is stronly discouraged! Please alert your token provider.

    [Cancel] [Add Anyway]

    It might be useful to have more details on why the token is unsafe, e.g. some text about the algorithm (cipher, key exchange mechanism, parameters, …). If possible, it would also be nice to tell why the token is unsafe.

    Version info: FreeOTP 2.0 (24) from F-Droid repository on Android 11.

    opened by ChristianStadelmann 2
  • 2.0 - edit button can be pressed when multiple keys are selected

    2.0 - edit button can be pressed when multiple keys are selected

    It's possible to select multiple keys at once and then the edit button only edits one of them.

    Maybe the edit button should be disabled unless only one key is selected?

    opened by yrro 0
  • Crash when path is missing

    Crash when path is missing

    I received the FreeOTP app 2.0 through F-Droid. It imported my entries without error, but when I open the app and simply scroll down in the list, it crashes.

    This is the output on adb logcat:

    01-08 15:55:28.186 19352 19352 I Adapter : Bind to view token [xxx][xxx]
    01-08 15:55:28.197 19352 19352 E ahosted.freeotp: Invalid ID 0x00000000.
    01-08 15:55:28.197 19352 19352 I Adapter : Bind to view token [xxx][xxx]
    01-08 15:55:28.207  2076 15697 D CompatibilityChangeReporter: Compat change id reported: 161145287; UID 10165; state: DISABLED
    01-08 15:55:28.208 19352 19352 D AndroidRuntime: Shutting down VM
    01-08 15:55:28.208 19352 19352 E AndroidRuntime: FATAL EXCEPTION: main
    01-08 15:55:28.208 19352 19352 E AndroidRuntime: Process: org.fedorahosted.freeotp, PID: 19352
    01-08 15:55:28.208 19352 19352 E AndroidRuntime: java.lang.IllegalArgumentException: Path must not be empty.
    01-08 15:55:28.208 19352 19352 E AndroidRuntime: 	at com.squareup.picasso.Picasso.load(Picasso.java:332)
    01-08 15:55:28.208 19352 19352 E AndroidRuntime: 	at org.fedorahosted.freeotp.main.ViewHolder.bind(ViewHolder.java:255)
    01-08 15:55:28.208 19352 19352 E AndroidRuntime: 	at org.fedorahosted.freeotp.main.Adapter.onBindViewHolder(Adapter.java:172)
    01-08 15:55:28.208 19352 19352 E AndroidRuntime: 	at org.fedorahosted.freeotp.main.Adapter.onBindViewHolder(Adapter.java:64)
    01-08 15:55:28.208 19352 19352 E AndroidRuntime: 	at androidx.recyclerview.widget.RecyclerView$Adapter.onBindViewHolder(RecyclerView.java:7065)
    01-08 15:55:28.208 19352 19352 E AndroidRuntime: 	at androidx.recyclerview.widget.RecyclerView$Adapter.bindViewHolder(RecyclerView.java:7107)
    01-08 15:55:28.208 19352 19352 E AndroidRuntime: 	at androidx.recyclerview.widget.RecyclerView$Recycler.tryBindViewHolderByDeadline(RecyclerView.java:6012)
    01-08 15:55:28.208 19352 19352 E AndroidRuntime: 	at androidx.recyclerview.widget.RecyclerView$Recycler.tryGetViewHolderForPositionByDeadline(RecyclerView.java:6279)
    01-08 15:55:28.208 19352 19352 E AndroidRuntime: 	at androidx.recyclerview.widget.GapWorker.prefetchPositionWithDeadline(GapWorker.java:288)
    01-08 15:55:28.208 19352 19352 E AndroidRuntime: 	at androidx.recyclerview.widget.GapWorker.flushTaskWithDeadline(GapWorker.java:345)
    01-08 15:55:28.208 19352 19352 E AndroidRuntime: 	at androidx.recyclerview.widget.GapWorker.flushTasksWithDeadline(GapWorker.java:361)
    01-08 15:55:28.208 19352 19352 E AndroidRuntime: 	at androidx.recyclerview.widget.GapWorker.prefetch(GapWorker.java:368)
    01-08 15:55:28.208 19352 19352 E AndroidRuntime: 	at androidx.recyclerview.widget.GapWorker.run(GapWorker.java:399)
    01-08 15:55:28.208 19352 19352 E AndroidRuntime: 	at android.os.Handler.handleCallback(Handler.java:942)
    01-08 15:55:28.208 19352 19352 E AndroidRuntime: 	at android.os.Handler.dispatchMessage(Handler.java:99)
    01-08 15:55:28.208 19352 19352 E AndroidRuntime: 	at android.os.Looper.loopOnce(Looper.java:201)
    01-08 15:55:28.208 19352 19352 E AndroidRuntime: 	at android.os.Looper.loop(Looper.java:288)
    01-08 15:55:28.208 19352 19352 E AndroidRuntime: 	at android.app.ActivityThread.main(ActivityThread.java:7872)
    01-08 15:55:28.208 19352 19352 E AndroidRuntime: 	at java.lang.reflect.Method.invoke(Native Method)
    01-08 15:55:28.208 19352 19352 E AndroidRuntime: 	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:548)
    01-08 15:55:28.208 19352 19352 E AndroidRuntime: 	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:936)
    01-08 15:55:28.210  2076 19392 I DropBoxManagerService: add tag=data_app_crash isTagEnabled=true flags=0x2
    01-08 15:55:28.211  2076 15697 W ActivityTaskManager:   Force finishing activity org.fedorahosted.freeotp/.main.Activity
    01-08 15:55:28.215  2076  3822 E FrameEvents: updateAcquireFence: Did not find frame.
    01-08 15:55:28.219  2076  2206 I ActivityManager: Showing crash dialog for package org.fedorahosted.freeotp u0
    

    I assume the path was optional with FreeOTP < 2.0 and the importer did not check for this requirement.

    important 
    opened by vollkorn1982 4
Releases(v2.0)
Owner
FreeOTP
FreeOTP
You can store all your password, bank details, card details in one place and remember only one master PIN. The application works totally offline.

Keep Password An application where you can store all your password, bank details, card details in one place and remember only one master PIN. The appl

rıdvan 4 Apr 18, 2022
An Android app that gives you a password generated by a given phrase with a custom algorithm, it also has password and biometric security.

An Android app that gives you a password generated by a given phrase with a custom algorithm, it also has password and biometric security.

Marcos Ariel Paccor 1 May 23, 2022
Productivity Note App utilizing Jetpack Compose

DailyDoc Productivity Note App utilizing Jetpack Compose Currently working on improving UI features and will be applying these directly to the main br

Bryan L 31 Dec 16, 2022
Daily Doc is a Productivity Note App utilizing Jetpack Compose

Daily Doc is a productivity app to help you keep track of your daily progress inspired by 100-day-challenges.

Bryan L 31 Dec 16, 2022
An simple image gallery app utilizing Unsplash API to showcase modern Android development architecture (MVVM + Kotlin + Retrofit2 + Hilt + Coroutines + Kotlin Flow + mockK + Espresso + Junit)

Imagine App An simple image gallery app utilizing Unsplash API. Built with ❤︎ by Wajahat Karim and contributors Features Popular photos with paginatio

Wajahat Karim 313 Jan 4, 2023
NamelessnessR is a vpn hub that combines a number of vpn protocols to provide a hub to a single vpn powerful to protect your privacy only.

NamelessnessR Design concept The Design concept is designed using adobe xd basing of different ideas but mainly Anxray, V2rayNG and NamelessnetX with

mxbhaee 2 Jan 13, 2022
NamelessnessR is a vpn hub that combines a number of vpn protocols to provide a hub to a single vpn powerful to protect your privacy only.

namelessnexR Design concept The Design concept is designed using adobe xd basing of different ideas but mainly Anxray, V2rayNG and NamelessnetX with N

mxbhaee 2 Jan 13, 2022
Open Super dApp - Your gateway to the new digital commons. Integrated mobile messenger, Ethereum wallet, and Web 3.0 browser built on open, decentralized, and encrypted protocols.

A fully open source, open standard, decentralized "super app" including a secure, encrypted Matrix compatible messenger based off of the Element Messenger, and an Ethereum crypto wallet and web3 browser based off of Alpha Wallet.

2Gather 6 Jul 25, 2022
Project for academic course "Telemedicine systems" held on Warsaw University of Technology.

Electronic-Fever-Cards Project for academic course "Telemedicine systems" held on Warsaw University of Technology. This application has two user profi

null 0 Dec 28, 2021
Java/Kotlin lightweight implementation of RFC-6238 and RFC-4226 to generate and validate time-based one-time passwords (TOTP).

1time Java/Kotlin lightweight implementation of RFC-6238 and RFC-4226 to generate and validate time-based one-time passwords (TOTP). Maven / gradle de

Atlassian Labs 31 Dec 21, 2022
All news in one place - one application

nuntiumNewsApp Nuntium | Daily News App Nuntuim news app is a personalised news aggregator that organises and highlights what’s happening in the world

Ro'ziboyev Ismoil 1 Dec 3, 2021
Android-Java-App - Notepad app with user and password. SQL Lite

DVNote2 App Android-Java-App Notepad app with user and password Application made in Android Studio with Java language and SQLite database. How does it

DViga 1 Nov 6, 2021
Duress password trigger.

Duress Duress password trigger. Tiny app to listen for a duress password on the lockscreen. When found, it will send a broadcast message to the select

lucky 194 Jan 1, 2023
FirebaseAuthentication - Login/Register Android Application using Firebase Authentication

FireBaseAuthentication This is a Firebase Authentication Application which will

Akshat Bhuhagal 6 Nov 27, 2022
The application uses Firebase Authentication and Realtime Database services

This is a Chik-Chika. Chick-Chicka is android app, which is based on popular social network - Twitter. The application uses Firebase Authentication and Realtime Database services.

Natro 9 Nov 6, 2022
A ToDo application that I used Firebase Authentication and Firestore.

ToDoApp With the To-Do Application, you can create notes to your list, update them or delete them. You can change its colors as you like and mark it e

Feyza Ürkut 11 Nov 18, 2022
This repo provides a sample application that demonstrates how you can speed up the authentication experience for frontline workers on shared devices using QR codes.

Project This repo has been populated by an initial template to help get you started. Please make sure to update the content to build a great experienc

Microsoft 5 Dec 7, 2022
Google one tap sign in - Flutter Google One Tap Sign In (Android)

Google One Tap Sign In Google One Tap Sign In (Android) A Flutter Plugin for Google One Tap Sign In Getting Started To access Google Sign-In, you'll n

null 6 Nov 23, 2022
Latihan One Time, Repeating, dan Membatalkan AlarmManager

Latihan-Background-Process-dan-Networking-6 Latihan One Time AlarmManager Kali ini kita akan membuat sebuah proyek sederhana dengan skenario seperti b

Ubean 0 Nov 23, 2021