🚀 Feature: TOTP Authenticator App integration #35

Closed
opened 2025-10-07 23:50:32 +03:00 by OVERLORD · 1 comment
Owner

Originally created by @raidolo on GitHub.

Feature description

TOTP Authenticator app as alternative method to login

Pitch

Hi,
First of all, thank you for this beautiful project — I’ve successfully deployed Pocket-ID using NGINX Proxy Manager and Vouch-proxy, and everything is working smoothly.
Great job!

One feature I’d love to see in the future is support for authenticator apps (like Google Authenticator or Authy) as an alternative login method. In some cases, it can be a bit cumbersome to open Pocket-ID on an already authorized device just to generate the OTP and log in.

Adding support for standard TOTP-based authentication would make the login flow more flexible and user-friendly.
Thanks again for your hard work!

Best regards.

Author
Owner

@stonith404 commented on GitHub:

Thanks for the suggestion. TOTP is designed to be used in combination with a password as a second factor. Since Pocket-ID is passwordless by design, we won’t be adding TOTP as a primary login option. On its own, it’s vulnerable to phishing and secret key theft, which makes it weaker than passkeys and even less secure than one-time access tokens.
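
To make the phishing and secret-theft point above concrete, here is an added example (not part of the thread and not Pocket-ID code) of RFC 6238 TOTP in Python. The `verify` function is a hypothetical server-side check, and the secret is the constructed seed from the RFC 6238 test vectors.

```python
import hashlib
import hmac
import struct

# Constructed sample secret: the ASCII seed used by the RFC 6238 SHA-1 test vectors.
SECRET = b"12345678901234567890"
STEP = 30  # seconds per time step (RFC 6238 default)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): a pure function of the secret and the clock."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Hypothetical server-side check. Its only inputs are the stored secret,
    the submitted digits and the clock: nothing identifies the device that
    produced the code or the site the user typed it into."""
    return any(
        hmac.compare_digest(totp(secret, unix_time + d * STEP), code)
        for d in range(-drift_steps, drift_steps + 1)
    )


def demo() -> dict:
    now = 1111111109  # timestamp from the RFC 6238 test vectors
    enrolled_device = totp(SECRET, now)
    copied_secret = totp(bytes(SECRET), now)  # any copy of the secret yields the same code
    return {
        "code": enrolled_device,
        "copy_matches": copied_secret == enrolled_device,
        # Submitted by any party 20 s later, the code still verifies: no origin binding.
        "accepted_within_window": verify(SECRET, enrolled_device, now + 20),
        # It is rejected only once the drift window has passed.
        "accepted_after_window": verify(SECRET, enrolled_device, now + 120),
    }


if __name__ == "__main__":
    print(demo())
```

A passkey assertion, by contrast, is a signature over a server challenge and the requesting origin, so it cannot be reproduced from a copied shared secret or reused on another site.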


Reference: starred/pocket-id-pocket-id-1#35