2FAuth
In the digital age, securing our online accounts is more crucial than ever. As cyber threats evolve, the need for robust security measures has led to the widespread adoption of Two-Factor Authentication (2FA). Enter 2FAuth – a web-based, self-hosted alternative to One-Time Passcode (OTP) generators like Google Authenticator. Designed for both mobile and desktop users, 2FAuth stands out as a versatile and user-friendly solution for enhancing your digital security.
Why Choose 2FAuth?
Ubiquitous 2FA Adoption: With the increasing prevalence of 2FA, the demand for a reliable and accessible solution has never been higher. 2FAuth answers this call by offering a streamlined way to manage your 2FA needs across various accounts and platforms.
Device Independence: Whether you're on a computer, tablet, or someone else's device, 2FAuth's web-based application ensures that you're never without access to your security codes. This flexibility is especially handy in situations where you might not have your smartphone available.
Privacy and Control: As an open-source and self-hosted application, 2FAuth puts the control of your personal security data back in your hands. This feature is invaluable for those who prioritize privacy and want the assurance of being able to back up their 2FA data.
Key Features of 2FAuth
- Password Generation: At its core, 2FAuth provides TOTP/HOTP security codes, functioning as your personal OTP generator.
- Cross-Platform Compatibility: Being a web app, 2FAuth works seamlessly across different devices, requiring only an internet connection.
- QR Code Scanning: Easily add new 2FA accounts by scanning QR codes – a quick and efficient process.
- Comprehensive 2FA Management: Organize, edit, and manage your 2FA accounts with ease. Grouping, manual additions, and deletions are all possible within 2FAuth.
- Data Protection: 2FAuth safeguards your data with advanced features like WebAuthn authentication, OTP obfuscation, and auto-lock capabilities.
- Multi-User Support: Share 2FAuth with family and friends, allowing each user to have their own account.
- Import/Export Functionality: Easily migrate from other 2FA apps to 2FAuth or export your 2FA data effortlessly.
2FAuth is more than just a security tool; it's a commitment to enhancing and simplifying your digital life's security. By choosing 2FAuth, you're opting for a solution that blends convenience, control, and comprehensive security features, ensuring peace of mind in an increasingly connected world.
If you like 2FAuth software, please consider sponsoring this amazing project.
Webnestify is here to help you with installation if needed. If you get stuck securing your Docker setup or server, we can install your desired applications for you.
For more information, please visit our contact page.
Installation
There are a couple of ways to install 2FAuth. Find all methods on this link. This guide covers the docker-compose installation.
Prerequisites
- VPS server - at least 2GB RAM
You can get 20€ in cloud credits using this link for Hetzner Cloud. Webnestify recommends Hetzner for all of your projects.
- Access to the domain. Ideally, in Cloudflare for integrations.
- Secured server.
Before you continue with the installation, you need to make sure that your server is secured. Visit the security guides section. Do not deploy any applications on an unsecured server. Otherwise, you risk a potential data breach.
Webnestify can help you to secure your server to your specific needs and compliance. Just get in touch.
Docker Engine
First, we need to install Docker Engine on our brand new server.
Quick Installation script:
```bash
curl -sSL https://get.docker.com/ | CHANNEL=stable sh
# After the installation process is finished, you may need to enable the service and make sure it is started (e.g. CentOS 7)
systemctl enable --now docker
```
Visit the official installation guide.
Never install Docker from other sources or custom repositories.
Docker Compose File
```yaml
version: "3"
services:
  2fauth:
    image: 2fauth/2fauth
    container_name: 2fauth
    volumes:
      - ./2fauth:/2fauth
    ports:
      - 8000:8000/tcp
    environment:
      # You can change the name of the app
      - APP_NAME=2FAuth
      # You can leave this on "local". If you change it to production most console commands will ask for extra confirmation.
      # Never set it to "testing".
      - APP_ENV=local
      # Set to true if you want to see debug information in error screens.
      - APP_DEBUG=false
      # This should be your email address
      - SITE_OWNER=mail@example.com
      # The encryption key for our database and sessions. Keep this very secure.
      # If you generate a new one all existing data must be considered LOST.
      # Change it to a string of exactly 32 chars or use command `php artisan key:generate` to generate it
      - APP_KEY=SomeRandomStringOf32CharsExactly
      # This variable must match your installation's external address but keep in mind that
      # it's only used on the command line as a fallback value.
      - APP_URL=http://localhost
      # Turn this to true if you want your app to react like a demo.
      # Demo mode resets the app content every hour and sets a generic demo user.
      - IS_DEMO_APP=false
      # The log channel defines where your log entries go to.
      # 'daily' is the default logging mode giving you 5 daily rotated log files in /storage/logs/.
      # Several other options exist. You can use 'single' for one big fat error log (not recommended).
      # Also available are 'syslog', 'errorlog' and 'stdout' which will log to the system itself.
      - LOG_CHANNEL=daily
      # Log level. You can set this from least severe to most severe:
      # debug, info, notice, warning, error, critical, alert, emergency
      # If you set it to debug your logs will grow large, and fast. If you set it to emergency probably
      # nothing will get logged, ever.
      - LOG_LEVEL=notice
      # Database config (can only be sqlite)
      - DB_DATABASE="/srv/database/database.sqlite"
      # If you're looking for performance improvements, you could install memcached.
      - CACHE_DRIVER=file
      - SESSION_DRIVER=file
      # Mail settings
      # Refer to your email provider's documentation to configure your mail settings
      # Set a value for every available setting to avoid issues
      - MAIL_DRIVER=log
      - MAIL_HOST=smtp.mailtrap.io
      - MAIL_PORT=2525
      - MAIL_FROM=changeme@example.com
      - MAIL_USERNAME=null
      - MAIL_PASSWORD=null
      - MAIL_ENCRYPTION=null
      - MAIL_FROM_NAME=null
      - MAIL_FROM_ADDRESS=null
      # Authentication settings
      # The default authentication guard
      # Supported:
      # 'web-guard' : The Laravel built-in auth system (default if nulled)
      # 'reverse-proxy-guard' : When 2FAuth is deployed behind a reverse-proxy that handles authentication
      # WARNING
      # When using 'reverse-proxy-guard' 2FAuth only looks for the dedicated headers and skips all other built-in
      # authentication checks. That means your proxy is fully responsible for the authentication process, 2FAuth will
      # trust it as long as the headers are present.
      - AUTHENTICATION_GUARD=web-guard
      # Name of the HTTP headers sent by the reverse proxy that identifies the authenticated user at proxy level.
      # Check your proxy documentation to find out how these headers are named (e.g. 'REMOTE_USER', 'REMOTE_EMAIL', etc...)
      # (only relevant when AUTHENTICATION_GUARD is set to 'reverse-proxy-guard')
      - AUTH_PROXY_HEADER_FOR_USER=null
      - AUTH_PROXY_HEADER_FOR_EMAIL=null
      # Custom logout URL to open when using an auth proxy.
      - PROXY_LOGOUT_URL=null
      # WebAuthn settings
      # Relying Party name, aka the name of the application. If null, defaults to APP_NAME
      - WEBAUTHN_NAME=2FAuth
      # Relying Party ID. If null, the device will fill it internally.
      # See https://webauthn-doc.spomky-labs.com/pre-requisites/the-relying-party#how-to-determine-the-relying-party-id
      - WEBAUTHN_ID=null
      # Optional image data in BASE64 (128 bytes maximum) or an image url
      # See https://webauthn-doc.spomky-labs.com/pre-requisites/the-relying-party#relying-party-icon
      - WEBAUTHN_ICON=null
      # Use this setting to control how user verification behaves during the
      # WebAuthn authentication flow.
      #
      # Most authenticators and smartphones will ask the user to actively verify
      # themselves for log in. For example, through a touch plus pin code,
      # password entry, or biometric recognition (e.g., presenting a fingerprint).
      # The intent is to distinguish one user from any other.
      #
      # Supported:
      # 'required': Will ALWAYS ask for user verification
      # 'preferred' (default) : Will ask for user verification IF POSSIBLE
      # 'discouraged' : Will NOT ask for user verification (for example, to minimize disruption to the user interaction flow)
      - WEBAUTHN_USER_VERIFICATION=preferred
      # Use this setting to declare trusted proxies.
      # Supported:
      # '*': to trust any proxy
      # A comma separated IP list: the list of proxy IPs to trust
      - TRUSTED_PROXIES=null
      # Leave the following configuration vars as is.
      # Unless you like to tinker and know what you're doing.
      - BROADCAST_DRIVER=log
      - QUEUE_DRIVER=sync
      - SESSION_LIFETIME=120
      - REDIS_HOST=127.0.0.1
      - REDIS_PASSWORD=null
      - REDIS_PORT=6379
```
Make sure to replace the placeholder values with your own values.
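As an added example (not part of the original guide or the 2FAuth project), the following Python script checks an environment section for the values the compose comments above warn about and generates a fresh 32-character APP_KEY. The rule set, the function names and the SAMPLE input are assumptions constructed for this example.

```python
import re
import secrets
import string

# Placeholder values as they appear in the compose file above.
PLACEHOLDERS = {"APP_KEY": "SomeRandomStringOf32CharsExactly",
                "SITE_OWNER": "mail@example.com",
                "MAIL_FROM": "changeme@example.com"}

def generate_app_key() -> str:
    """Return 32 random alphanumeric characters from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(32))

def parse_environment(compose_text: str) -> dict:
    """Collect '- KEY=value' list entries; comment lines never match."""
    env = {}
    for line in compose_text.splitlines():
        m = re.match(r"\s*-\s*([A-Z][A-Z0-9_]*)=(.*)$", line)
        if m:
            env[m.group(1)] = m.group(2).strip().strip("\"'")
    return env

def audit(env: dict) -> list:
    """Return findings; an empty list means none of these rules fired."""
    findings = [f"{k} still has the placeholder value"
                for k, v in PLACEHOLDERS.items() if env.get(k) == v]
    if len(env.get("APP_KEY", "")) != 32:
        findings.append("APP_KEY must be exactly 32 characters")
    if env.get("APP_ENV") == "testing":
        findings.append("APP_ENV must never be 'testing'")
    if env.get("APP_DEBUG", "false").lower() == "true":
        findings.append("APP_DEBUG=true shows debug information in error screens")
    # Policy assumed by this example: with the proxy guard, name the proxy IPs.
    if env.get("AUTHENTICATION_GUARD") == "reverse-proxy-guard" and env.get("TRUSTED_PROXIES") == "*":
        findings.append("reverse-proxy-guard with TRUSTED_PROXIES=*: list the proxy IPs")
    return findings

# Constructed sample: an environment section left partly unedited.
SAMPLE = """\
      - APP_DEBUG=true
      - APP_KEY=SomeRandomStringOf32CharsExactly
      - AUTHENTICATION_GUARD=reverse-proxy-guard
      - TRUSTED_PROXIES='*'
"""

if __name__ == "__main__":
    print("\n".join(audit(parse_environment(SAMPLE))))
    print("Fresh APP_KEY:", generate_app_key())
```

To check a real deployment, pass the contents of your own docker-compose.yml to `parse_environment` instead of `SAMPLE`.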
About Webnestify
Imagine a world where you can focus on your business and spend less time maintaining your cloud infrastructure. With Webnestify's cloud-based solutions, we provide customized solutions for all types of companies to meet their needs, no matter how big or small they may be!
Read our reviews on Trustpilot!
Subscribe to our YouTube channel!
If you need to setup your own Docker instances or need help with security, visit our Docker deployment service.