dor1an is a patent pending secrets management suite project, designed to facilitate secure and efficient management of sensitive information, such as tokens and passwords.




Tired of entering the second factor every time?
One way to make things easier but without loosing security, is to transfer the second factor code using a side channel. dor1an2FA does it by sending the second factor code from another device (a mobile phone) to the web app by means of a screen-camera communication channel using QR codes.
Many users choose not to enable the second factor, because of the hassle involved in the process of searching and copying the code, leaving them more vulnerable to credential compromise attacks.
dor1an2FA breaks the rigid balance between second factor security and usability, raising both at once.
dor1an2FA is free, open-source, and available for download on multiple platforms..



Known Limitations
As of now, this project has the following limitations:
Mobile Support
Currently developed only for Apple iOS and can be installed manually via Xcode as a developer.
The code is in the process of being submitted to the App Store.
An Android version is under development.
Browser Support
Currently developed only for Google Chrome and can be installed manually as a developer.
The code is in the process of being submitted to the Chrome Web Store.
Extensions for other browsers are under development.
Website Support
In HTML, password fields are standardized as input elements of type "password". However, for the 6-digit second factor, there is no standardization. The input element can be of any type (commonly "text" or "password"), and its ID or name attribute can vary significantly between implementations. This lack of standardization makes it challenging to reliably identify fields for entering the 6-digit second factor on websites.
To address this, dor1an2FA employs a strategy to automatically detect input fields of type "text" or "password" and searches for IDs or names containing keywords such as "mfa", "otp", "2fa", "6-digit", and similar patterns. As new variations or naming conventions are discovered, they will be analyzed and added to the detection criteria, ensuring improved compatibility with a wider range of websites.