A Docker container with Google Authenticator to stop being dependent on a cell phone. Import your existing tokens with CLI and access the codes with CLI or a minimalistic web interface.
In principle, the main purpose of 2FA is to have the second factor of authentication on a different device. It does not imply this device must necessarily be a cell phone. You can put 2FA on another thrusted computer, preferably phisically located in a different city or country. Such strategy could actually make your 2FA more secure than the phone, which could be broken or stolen.
The security risks are your own. Be wise and do your own research.
Clone together with submodules:
git clone --recurse-submodules [email protected]:dmikushin/google-authenticator.git
Start the container:
docker build -t google-authenticator .
docker-compose up -d
docker-compose exec google-authenticator sh
Inside the container:
authenticator add Google:[email protected]
You will need to hand in two things:
- A passphrase, which will be used to encrypt the token in the container (do not set an empty passphrase, otherwise the program will silently abort!)
- A shared key, which connects your token and the authorization authority (e.g. Google) into a thrust ring. The shared key could be extracted from the authenticator app, using a nice tool.
Once the token is added, it could be used normally:
authenticator generate
or via the web interface at http://localhost:48080