Inspiration

This project was inspired by a wide variety of other OTP apps. We found that all of these apps either were insecure, generating an OTP code directly on the device it was being used on and therefore sacrificing the security of the system (https://github.com/browserpass/browserpass-extension#a-note-about-otp), or required manually unlocking a TOTP app on a separate device and painstakingly typing the code in one digit at a time. We seek to solve this problem by allowing users to generate the TOTP securely on a separate device with the same convenience as generating it locally.

What it does

The final system uses a browser extension, a server, and an Android application to allow for seamless two-factor TOTP authentication. The user clicks a button in their browser extension and immediately gets a popup on their phone asking if they would like to perform a 2FA handshake. Upon clicking yes, the application sends the code to the browser extension and the user's clipboard.

How we built it

In order to create a system that could cohesively work together to make 2FA seamless, we split up our work into the application development, extension development, and server development.

On the application side, we used PyQt, a framework that allowed us to build both the app code and the UI in Python. Our application had to be able to do 3 tasks: connect to an account linked with the browser extension, add a desired 2FA target to its library, and receive the request for the 2FA handshake and give the user the option of accepting or denying it.
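The phone-side tasks described above, sketched as an added example that is not Saifu's own code: a store of 2FA targets that releases an RFC 6238 code only after the user approves the handshake. `PhoneVault`, `handle_request`, the `approve` callback and the response fields are hypothetical names, and the sample key is the published RFC 6238 test key, not a real secret.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30  # seconds; the write-up says only 30-second TOTP is supported
# Constructed sample: base32 of the RFC 6238 test key b"12345678901234567890"
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, now, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `now`."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", int(now) // STEP)   # 8-byte big-endian time step
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                         # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class PhoneVault:
    """Hypothetical phone-side library of 2FA targets; secrets stay in here."""

    def __init__(self):
        self._targets = {}

    def add_target(self, name, secret_b32):
        self._targets[name] = secret_b32

    def handle_request(self, name, approve, now=None):
        """Answer a handshake request; `approve` stands in for the user's tap."""
        if name not in self._targets:
            return {"status": "unknown_target"}
        if not approve(name):
            # Denied: nothing derived from the secret is sent back
            return {"status": "denied"}
        now = time.time() if now is None else now
        return {
            "status": "approved",
            "code": totp(self._targets[name], now),
            "expires_in": STEP - int(now) % STEP,   # seconds left in this step
        }

if __name__ == "__main__":
    vault = PhoneVault()
    vault.add_target("example-site", RFC_SECRET)
    print(vault.handle_request("example-site", approve=lambda n: True))
```

The response carries only the short-lived code and its remaining lifetime, so the browser side never holds the shared secret.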

Challenges we ran into

Our biggest challenge was our inexperience. We chose an ambitious project, with 3 different systems working together, and in order to accomplish it, we had to step outside of our comfort zones: one of us had to learn how to develop and build an application from scratch, and the other how to make a plugin in JavaScript, which he had never worked with before. Building the application especially was incredibly challenging. A lot of our time was spent making mistakes, but it was through those mistakes that we were able to learn new things, and eventually gain familiarity and overcome our inexperience.

Accomplishments that we're proud of

Staying up for a full 24 hours, we are most proud of what we were able to learn and experience in a short amount of time. Within just 24 hours, we both learned completely new skills which could be applied to many parts of our lives and careers. In addition, we proved to each other and to ourselves that we had grit, and were willing to go through a sometimes fun, sometimes rigorous 24 hours to accomplish a shared goal. Overall, I am very excited to see what we can do both with what we learned about programming, and about ourselves.

What we learned

One of us learned how to develop apps from complete scratch, and the other learned how to do the same for extensions. But we also learned how to fit moving parts together, interconnecting two completely different pieces of code into a cohesive system.

What's next for Saifu

We plan to continue development, polish the app, and add more features. Currently the app only supports 30-second interval TOTP. Supporting more authentication protocols is our next big hurdle. One of our long-term stretch goals is to be able to integrate into enterprise 2FA. Our largest priority, though, is to continue to enhance the security of our application, and make it the best 2FA app.


Updates

deleted deleted posted an update

Very sorry about the video, we had 30 seconds left and YouTube was still uploading, a lesson to others who have poor time management :(, here is the actual video if anyone is interested!

https://youtu.be/HOKZKqtUgDY

Overall had a great time working with the project, and we loved our time here, thank you so much!
