Closed konus1 closed 3 years ago
We support the most popular 2FA methods. Currently almost all websites support the 6 digit TOTP code with sha1. There are no known weaknesses in using sha1 with a 6 digit expiring code. If there is a shift where sites stop supporting this and require other method we would add support for the other methods.
Beside sha-1, also SHA-256 and SHA-512 are are specified by RFC6238 as hash algorithms when generating TOTP codes. Since there are some websites with implementations around which use these algorithms, I would like to use it with OnlyKey too. I suggest supporting the Google OTP URL Format like otpauth://example.com/?secret=MYTOTPSECRET&digits=6&period=30&algorithm=sha256