PHPackages robbyahnmsd/totp-authenticator - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. robbyahnmsd/totp-authenticator ActiveSilverstripe-vendormodule[Authentication & Authorization](/categories/authentication) robbyahnmsd/totp-authenticator ============================== A TOTP authenticator for use with silverstripe/mfa 4.x-dev(3y ago)0461[3 PRs](https://github.com/robbyahnmsd/silverstripe-totp-authenticator/pulls)BSD-3-ClauseJavaScriptPHP ^7.4 || ^8.0 Since Jan 4Pushed 1y agoCompare [ Source](https://github.com/robbyahnmsd/silverstripe-totp-authenticator)[ Packagist](https://packagist.org/packages/robbyahnmsd/totp-authenticator)[ RSS](/packages/robbyahnmsd-totp-authenticator/feed)WikiDiscussions 4 Synced 1mo ago READMEChangelogDependencies (9)Versions (5)Used By (0) Silverstripe TOTP Authenticator =============================== [](#silverstripe-totp-authenticator) [![CI](https://github.com/silverstripe/silverstripe-totp-authenticator/actions/workflows/ci.yml/badge.svg)](https://github.com/silverstripe/silverstripe-totp-authenticator/actions/workflows/ci.yml)[![Silverstripe supported module](https://camo.githubusercontent.com/9b7e93d393a01f6d3091fb30983b870aa863ef076858115faaa1c74b995854ec/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f73696c7665727374726970652d737570706f727465642d3030373143342e737667)](https://www.silverstripe.org/software/addons/silverstripe-commercially-supported-module-list/) Log in to Silverstripe with an authenticator app on your phone as a secondary factor, using a time-based one-time password (TOTP). This module provides a TOTP authenticator that plugs in to the [silverstripe/mfa](https://github.com/silverstripe/silverstripe-mfa)module. For more information about TOTP, see [RFC 6238](https://tools.ietf.org/html/rfc6238). Requirements ------------ [](#requirements) - PHP ^7.1 - Silverstripe ^4.1 - silverstripe/mfa: ^4.0 - spomky-labs/otphp: ^9.1 Installation ------------ [](#installation) Install with Composer: ``` composer require silverstripe/totp-authenticator ^4.0 ``` For Silverstripe 3.7 support, please use `silverstripe/totp-authenticator ^3.0`. Configuration ------------- [](#configuration) ### Encryption key [](#encryption-key) You will need to define an environment variable named `SS_MFA_SECRET_KEY` with a random secret key, which is used for encrypting the TOTP secret. The authentication method will not be available for use until this is correctly defined. Please note that existing registered TOTP methods for users will not be usable on environments with different values for `SS_MFA_SECRET_KEY` than they were registered in. There are many ways to create a random secret key, the easiest is by executing a `php` command on the command line. The secret key length depends on your specific information security controls, but 32 characters is a good baseline. ``` php -r 'echo substr(base64_encode(random_bytes(32)), 0, 32) . "\n";' ``` ### TOTP secret length [](#totp-secret-length) You can also configure the length of the TOTP secret. This is the code that is displayed to users when they register to use TOTP, for example "alternatively, enter this code manually into your app." The default length is 16 characters. If you do not want to support manual code entry in your project, you may want to increase the length in order to increase the entropy of the TOTP secret, however removing the secret from the UI will require adjustments to the React components. See the `RegisterHandler.secret_length` configuration property. ``` SilverStripe\TOTP\RegisterHandler: secret_length: 64 ``` ### TOTP code length [](#totp-code-length) If you want to change the length of the TOTP codes the application accepts, you can adjust `Method.code_length`. The default length is 6 characters. ``` SilverStripe\TOTP\Method: code_length: 10 ``` ### User help link [](#user-help-link) When this method is used on the website during the multi-factor login process, it may show a "find out more" link to user documentation. You can disable this by nullifying the configuration property `RegisterHandler.user_help_link`or you can change it to point to your own documentation instead: ``` SilverStripe\TOTP\RegisterHandler: user_help_link: 'https://intranet.mycompany.com/help-docs/using-totp' ``` ### TOTP issuer and label [](#totp-issuer-and-label) The TOTP "issuer" is the Silverstripe site name (set in SiteConfig) by default, and the "label" is the member's email address by default. These are the values that show up in your authenticator app. You can change these if you need to use something else, by writing an extension on `RegisterHandler`: ``` class MyTOTPRegisterHandlerExtension extends Extension { public function updateTotp(\OTPHP\TOTPInterface $totp, \SilverStripe\Security\Member $member) { $totp->setLabel($member->getCustomTOTPLabel()); $totp->setIssuer('My web project'); } } ``` License ------- [](#license) See [License](LICENSE.md) Bugtracker ---------- [](#bugtracker) Bugs are tracked in the issues section of this repository. Before submitting an issue please read over existing issues to ensure yours is unique. If the issue does look like a new bug: - Create a new issue - Describe the steps required to reproduce your issue, and the expected outcome. Unit tests, screenshots and screencasts can help here. - Describe your environment as detailed as possible: Silverstripe version, Browser, PHP version, Operating System, any installed Silverstripe modules. Please report security issues to the module maintainers directly. Please don't file security issues in the bug tracker. Development and contribution ---------------------------- [](#development-and-contribution) If you would like to make contributions to the module please ensure you raise a pull request and discuss with the module maintainers. ### Health Score 25 — LowBetter than 37% of packages Maintenance30 Infrequent updates — may be unmaintained Popularity12 Limited adoption so far Community14 Small or concentrated contributor base Maturity40 Maturing project, gaining track record Bus Factor2 2 contributors hold 50%+ of commits How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 1222d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/ab6e25f99d990ea4b869730f148ceb7ac29d6340d0ba3c52caaf981930d2ad71?d=identicon)[robbyahnmsd](/maintainers/robbyahnmsd) --- Top Contributors [![robbieaverill](https://avatars.githubusercontent.com/u/5170590?v=4)](https://github.com/robbieaverill "robbieaverill (69 commits)")[![emteknetnz](https://avatars.githubusercontent.com/u/4809037?v=4)](https://github.com/emteknetnz "emteknetnz (35 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (32 commits)")[![ScopeyNZ](https://avatars.githubusercontent.com/u/3260989?v=4)](https://github.com/ScopeyNZ "ScopeyNZ (16 commits)")[![GuySartorelli](https://avatars.githubusercontent.com/u/36352093?v=4)](https://github.com/GuySartorelli "GuySartorelli (9 commits)")[![robbyahnmsd](https://avatars.githubusercontent.com/u/94818208?v=4)](https://github.com/robbyahnmsd "robbyahnmsd (9 commits)")[![chillu](https://avatars.githubusercontent.com/u/111025?v=4)](https://github.com/chillu "chillu (2 commits)")[![NightJar](https://avatars.githubusercontent.com/u/778003?v=4)](https://github.com/NightJar "NightJar (1 commits)")[![michalkleiner](https://avatars.githubusercontent.com/u/233342?v=4)](https://github.com/michalkleiner "michalkleiner (1 commits)")[![sabina-talipova](https://avatars.githubusercontent.com/u/87288324?v=4)](https://github.com/sabina-talipova "sabina-talipova (1 commits)")[![dnsl48](https://avatars.githubusercontent.com/u/9313746?v=4)](https://github.com/dnsl48 "dnsl48 (1 commits)") --- Tags totpsecurityAuthenticationsilverstripe2facmsMFA ### Code Quality TestsPHPUnit Code StylePHP\_CodeSniffer ### Embed Badge ![Health badge](/badges/robbyahnmsd-totp-authenticator/health.svg) ``` [![Health](https://phpackages.com/badges/robbyahnmsd-totp-authenticator/health.svg)](https://phpackages.com/packages/robbyahnmsd-totp-authenticator) ``` ### Alternatives [scheb/2fa-totp Extends scheb/2fa-bundle with two-factor authentication using TOTP 292.7M21](/packages/scheb-2fa-totp)[chillerlan/php-authenticator A generator for counter- and time based 2-factor authentication codes (Google Authenticator). PHP 8.2+ 58119.1k2](/packages/chillerlan-php-authenticator)[jiripudil/otp Library that generates and verifies one-time passwords. 2825.4k1](/packages/jiripudil-otp)[silverstripe/mfa Enable multi-factor authentication with fallback codes 10346.1k8](/packages/silverstripe-mfa)[remotemerge/totp-php Lightweight, fast, and secure TOTP (2FA) authentication library for PHP — battle tested, dependency free, and ready for enterprise integration. 2010.2k](/packages/remotemerge-totp-php)[kelunik/two-factor Two factor authentication. 371.9k1](/packages/kelunik-two-factor) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)