- Securely stores your OTP secrets in Chrome's storage
- Login to your OTP-protected accounts with just two clicks
- Uses encryption and the Web Credential Management API to keep your secrets safe
The extensions has finally been published to the chrome webstore: OTP Manager
- click the OTP-Manager extension icon
- click the "Add new" button and follow the instructions
- When prompted to enter a OTP code, click the OTP-Manager extension icon
- Select OTP Manager from the list of available credentials
For some websites, you may need to click into the OTP field before clicking the extension icon.
On first launch, OTP Manager generates a AES-GCM key and stores it in the extension's storage.
This key is used to encrypt your secrets before they are stored on the page itself using the Web Credential API.
The key is never stored in plaintext, and is only accessible to the extension itself when the user invokes the extension and selects the identity.
When the user invokes the extension to generate a OTP token, the extension request the encrypted secret from the page. To fulfill this request, the user has to confirm by selecting the OTP Manager identity from the list of available credentials. Then, the extension decrypts the secret and generates the OTP token, which is then sent back to the page. None of your secrets are sent to any third party servers, and the extension only communicates with the page itself.
This project is licensed under the MIT License - see the LICENSE file for details
- clone the repository
- run
npm install - run
npm run buildto build the extension - open the extensions page in chrome
- enable developer mode
- click "load unpacked" and select the
buildfolder
After each rebuild, you have to reload the extension on the extensions page