Second Password is a web-based two-factor authentication (2FA) solution that implements Time-based One-time Password (TOTP) for secure user authentication. All passwords are end-to-end encrypted and synced to the cloud, meaning your data is encrypted before it leaves your device and can only be decrypted by you. This makes your TOTP secrets accessible from any device while maintaining maximum security.
- 🌐 Web-based interface accessible from any device
- 🔐 End-to-end encryption of all sensitive data
- ☁️ Cloud synchronization of encrypted TOTP secrets
- 🔒 Client-side encryption of sensitive data
- 🎨 Clean and intuitive user interface
- 🔄 Automatic TOTP code updates
- 📋 One-click code copying
- Python 3.6 or higher
- pip (Python package manager)
- PostgreSQL (optional, SQLite is used by default)
- Clone the repository:
git clone https://github.com/viperadnan-git/second-password.git
cd second-password
- Install required packages:
pip install -r requirements.txt
- Set up environment variables (create a .env file or set the variables in your system):
Variable | Type | Default | Required | Description |
---|---|---|---|---|
SECRET_KEY | string | UUID4 | No | Flask secret key used for session management |
SITENAME | string | "Second Password" | No | Name of the site displayed in UI |
DATABASE_URL | string | None | No | PostgreSQL database URL. If not set, SQLite will be used |
SQLITE_PATH | string | "user.db" | No | Path to SQLite database file (only used if DATABASE_URL not set) |
HOST | string | "0.0.0.0" | No | Host address to bind the server to |
PORT | integer | 8000 | No | Port number to run the server on |
Example .env file:
To run the development server:
python -m src
The application will be available at http://localhost:8000
- Build the Docker image:
docker build -t second-password .
- Run the container:
docker run -p 8000:8000 -e SECRET_KEY=your_secret_key_here second-password
- Make sure you have a CapRover instance set up
- Deploy using the provided captain-definition file
- Configure environment variables in CapRover dashboard
The application supports both SQLite and PostgreSQL:
- SQLite (default): No configuration needed, will create user.db in root directory
- PostgreSQL: Set DATABASE_URL environment variable:
DATABASE_URL=postgresql://user:password@localhost:5432/dbname
- Set a strong SECRET_KEY in environment variables
- Use HTTPS in production
- Keep your database credentials secure
- TOTP secrets are encrypted using AES before storage
- Passwords are hashed using bcrypt
- Client-side encryption of sensitive data
- Session-based authentication
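A preflight check for the deployment settings listed above, added here as an example and not part of the project's own code. The names `audit_env`, `new_secret_key`, `PLACEHOLDERS` and `MIN_KEY_LEN` and the 32-character threshold are assumptions made for illustration; the variable names and example values come from this README.

```python
import os
import secrets
from urllib.parse import urlparse

# Example values from documentation that must never reach production.
# "your_secret_key_here" is the value shown in the docker run command.
PLACEHOLDERS = {"your_secret_key_here", "changeme", "secret"}
MIN_KEY_LEN = 32  # assumption: anything shorter is treated as too weak


def new_secret_key() -> str:
    """Return a 256-bit random value, hex encoded, for use as SECRET_KEY."""
    return secrets.token_hex(32)


def audit_env(env) -> list:
    """Return findings for the README's environment variables in `env`."""
    findings = []

    key = env.get("SECRET_KEY", "")
    if not key:
        findings.append("SECRET_KEY unset: the app falls back to its UUID4 default")
    elif key.lower() in PLACEHOLDERS:
        findings.append("SECRET_KEY is a documentation placeholder")
    elif len(key) < MIN_KEY_LEN or len(set(key)) < 8:
        findings.append("SECRET_KEY is short or low-variety")

    db_url = env.get("DATABASE_URL", "")
    if db_url:
        # urlparse exposes the password embedded in the connection URL.
        if urlparse(db_url).password in ("password", ""):
            findings.append("DATABASE_URL uses the example or an empty password")

    # 0.0.0.0 is the documented default and listens on every interface.
    if env.get("HOST", "0.0.0.0") == "0.0.0.0":
        findings.append("HOST binds all interfaces: expose it only behind HTTPS")

    return findings


if __name__ == "__main__":
    for finding in audit_env(os.environ):
        print("WARN:", finding)
    print("Fresh SECRET_KEY candidate:", new_secret_key())
```
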
- Backend: Flask, Python
- Database: PostgreSQL/SQLite with Peewee ORM
- Frontend: Bootstrap 5, JavaScript
- Authentication: Flask-Login
- Encryption: CryptoJS (client-side), bcrypt (server-side)
- TOTP: otplib
This project is licensed under the MIT License - see the LICENSE file for details.
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (git checkout -b feature/AmazingFeature)
- Commit your changes (git commit -m 'Add some AmazingFeature')
- Push to the branch (git push origin feature/AmazingFeature)
- Open a Pull Request
Adnan - @viperadn
Project Link: https://github.com/viperadnan-git/second-password