I’ve been using Google Authenticator for as long as I can remember. It was one of those apps I installed once and never really questioned. Lately, I have been de-Googling my life, but there were still some services I hadn’t gotten rid of yet.
Of course, using an authenticator app is much better than relying on SMS, but the more I thought about it, the less comfortable I was with leaving something that critical in the hands of a company with a long history of killing off products without warning.
Security aside, it just felt wrong to outsource something so sensitive to a platform I’m trying to move away from. So, instead of jumping to another third-party app, I figured I’d take a different approach. What if I just hosted my own?
That’s when I found 2FAuth, an open-source alternative that you can fully self-host. It works with pretty much any service that supports TOTP and HOTP, and even supports Steam Guard codes, which is a great bonus. The setup is surprisingly straightforward, too, especially if you’re already familiar with Docker or running local containers.
Deploying 2FAuth with Docker
Taking control without the headache
You can host 2FAuth using Docker by simply grabbing the provided Docker Compose file from the project’s GitHub repository. The setup is fairly straightforward, but you’ll need to tweak a few things in the config before spinning it up. I’ll walk through the changes I made below.
Out of the box, 2FAuth will run on localhost, which is fine if you just want to use it exclusively on the device you’re hosting 2FAuth on. But let’s be honest, you’re going to want access to your codes on other devices, like your phone, too. That’s where a reverse proxy comes in, as you can then expose the service securely over your network or even the internet.
The good news is that migration is just as easy. If you’ve been using Google Authenticator or any other MFA app that supports exporting, you can import your saved tokens directly into 2FAuth. And if you’re deploying it at home, you can even create multiple user accounts, so your family can manage their own tokens under one shared instance.
Before deploying 2FAuth, though, you’ll first need to change a few environment variables in the compose file:
- SITE_OWNER=mail@example.com
- APP_KEY=SomeRandomStringOf32CharsExactly
- APP_URL=http://your-server-ip:8000
- ASSET_URL=http://your-server-ip:8000
First, replace the “SITE_OWNER” variable with your own email address. Then, set a 32-character string for “APP_KEY”. You can create one manually if you prefer, or generate a secure key by running the following command in your terminal:
openssl rand -hex 16
After that, update the “APP_URL” field with the IP address or URL where you want to access 2FAuth. Ensure that you use the same address for “ASSET_URL” as well; otherwise, assets like images may not load correctly. Once everything is set, start the stack with Docker Compose, and 2FAuth should be up and running.
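A pre-deployment check for the four settings above, as an added example that is not part of the original article or the 2FAuth project. The helper names and the rule that plain http is accepted only on loopback are assumptions of this example.

```shell
# Added example: lint the four 2FAuth settings before the first start.
# Accepts NAME=value lines, with or without the compose-list "- " prefix.

get_var() {  # get_var NAME FILE: print the value of the last NAME= line
    sed -n "s/^[[:space:]]*-\{0,1\}[[:space:]]*$1=//p" "$2" | tail -n 1
}

check_2fauth_env() {  # hypothetical helper; returns the number of findings
    file=$1; problems=0
    owner=$(get_var SITE_OWNER "$file")
    key=$(get_var APP_KEY "$file")
    app_url=$(get_var APP_URL "$file")
    asset_url=$(get_var ASSET_URL "$file")
    # Sample values from the published compose file must not be deployed.
    if [ -z "$owner" ] || [ "$owner" = "mail@example.com" ]; then
        echo "SITE_OWNER is unset or still the sample address"
        problems=$((problems + 1))
    fi
    if [ "$key" = "SomeRandomStringOf32CharsExactly" ]; then
        echo "APP_KEY is the publicly known sample value"
        problems=$((problems + 1))
    elif [ "${#key}" -ne 32 ]; then
        echo "APP_KEY must be exactly 32 characters, got ${#key}"
        problems=$((problems + 1))
    fi
    if [ "$app_url" != "$asset_url" ]; then
        echo "APP_URL and ASSET_URL differ"
        problems=$((problems + 1))
    fi
    # Assumption of this example: plain http is accepted only on loopback,
    # since otherwise the login and the codes cross the network unencrypted.
    case $app_url in
        https://*|http://localhost|http://localhost:*|http://localhost/*) ;;
        http://127.0.0.1|http://127.0.0.1:*|http://127.0.0.1/*) ;;
        *) echo "APP_URL is neither https nor loopback"
           problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Constructed sample: the article's values left unedited (three findings).
sample=$(mktemp)
printf '%s\n' '- SITE_OWNER=mail@example.com' \
    '- APP_KEY=SomeRandomStringOf32CharsExactly' \
    '- APP_URL=http://your-server-ip:8000' \
    '- ASSET_URL=http://your-server-ip:8000' > "$sample"
check_2fauth_env "$sample" || echo "findings: $?"
rm -f "$sample"
```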

What it’s like using 2FAuth
You’re not missing out on anything
The first time you open 2FAuth, it’ll prompt you to create a new account. This is the only account you’ll need to manage all your codes, and you can even secure it further by adding a YubiKey or biometric verification for login. Once that’s done, the interface is clean, simple, and does exactly what you expect from an MFA app, with a few added bonuses.
You can start adding services by scanning the standard QR code you’d typically see when setting up 2FA on a site, the same code you’d scan with Google Authenticator or any other app. You also have the option to manually paste in the secret key if you prefer to set things up that way, or even upload a QR code image file if you’ve saved it from somewhere else.
If you’re migrating from a previous app, importing your existing 2FA tokens is also fairly straightforward. As long as your old app supports export (Google Authenticator does), you can easily transfer your saved entries into 2FAuth. For Steam users, there’s a dedicated mode that lets you generate Steam Guard codes, saving you from needing the official Steam mobile app entirely.
It even has a browser extension so that you can view and copy your OTP codes directly from your toolbar. There’s also something here for developers and tinkerers. If you’re building something of your own, such as a dashboard or internal tooling, 2FAuth provides a RESTful API that you can use to generate, retrieve, or manage 2FA codes remotely. You’ll find the option to generate a secure API token in the Settings menu, and from there, you can automate or integrate it into your broader self-hosted stack.

2FAuth does everything you need it to
While the setup might take a few extra minutes, just like any self-hosted tool, it’s a small price to pay for full control over your authentication data. You don’t have to worry about apps being discontinued or your codes being tied to a platform you’re moving away from. And once it’s up, there’s hardly any learning curve. The interface is simple, and it works great on mobile too.