dor1an is a patent pending secrets management suite project, designed to facilitate secure and efficient management of sensitive information, such as tokens and passwords.

dor1an2FA: the ultimate multifactor transfer tool

The easiest and safest way to transfer your second factor tokens to your apps.

Tired of entering the second factor every time?

Introducing dor1an2FA

Second factor authentication boosts the security of your accounts, making an attack far harder for your opponent, even if she steals your primary credentials. However, the very process of looking up the second factor code in a separate application or device, copying it and typing it in also adds stress to the user, especially when the application asks for it very frequently.

One way to make things easier without losing security is to transfer the second factor code using a side channel. dor1an2FA does this by sending the second factor code from another device (a mobile phone) to the web app over a screen-camera communication channel using QR codes.

Many users choose not to enable the second factor, because of the hassle involved in the process of searching and copying the code, leaving them more vulnerable to credential compromise attacks.

dor1an2FA breaks the rigid balance between second factor security and usability, raising both at once.

dor1an2FA is free, open-source, and available for download on multiple platforms.

How dor1an2FA works

dor1an2FA works with two components: a mobile application and a browser extension that communicate with each other through screen-to-camera communication via QR codes.

The mobile application generates second-factor TOTP codes that are updated every 30 seconds.

The browser extension detects websites that require second-factor authentication. When it detects one, it turns on the laptop camera and generates a QR code related to the URL requesting the second factor.

The user faces the phone screen towards the laptop camera. The mobile application reads the QR code generated by the browser extension, checks whether the URL is valid and, if so, displays the QR-encoded second factor token on the screen.

The browser extension reads the QR-encoded 6-digit numeric token, decodes it and inserts it into the application authenticating the user.

All this in less than a second, without the need for the user to type the code...

Known Limitations

As of now, this project has the following limitations:

Mobile Support

  • Currently developed only for Apple iOS and can be installed manually via Xcode as a developer.

  • The code is in the process of being submitted to the App Store.

  • An Android version is under development.

Browser Support

  • Currently developed only for Google Chrome and can be installed manually as a developer.

  • The code is in the process of being submitted to the Chrome Web Store.

  • Extensions for other browsers are under development.

Website Support

In HTML, password fields are standardized as input elements of type "password". However, for the 6-digit second factor, there is no standardization. The input element can be of any type (commonly "text" or "password"), and its ID or name attribute can vary significantly between implementations. This lack of standardization makes it challenging to reliably identify fields for entering the 6-digit second factor on websites.

To address this, dor1an2FA automatically detects input fields of type "text" or "password" and searches their IDs and names for keywords such as "mfa", "otp", "2fa", "6-digit", and similar patterns. As new variations or naming conventions are discovered, they will be analyzed and added to the detection criteria, ensuring improved compatibility with a wider range of websites.
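The detection heuristic described above, sketched as an added example (not dor1an2FA's own code). The function names and sample forms are hypothetical, and the rule of filling only when exactly one field matches is an assumption of this example, added to show how a substring false positive can be kept from receiving the token.

```javascript
// Added example, not dor1an2FA's own code. Keywords are the ones the page lists.
const OTP_KEYWORDS = ["mfa", "otp", "2fa", "6-digit"];
const CANDIDATE_TYPES = new Set(["text", "password"]);

// Return the first keyword contained in the field's id or name, or null.
// An <input> without a type attribute behaves as type "text".
function matchKeyword(field) {
  if (!CANDIDATE_TYPES.has(String(field.type || "text").toLowerCase())) return null;
  const haystack = `${field.id || ""} ${field.name || ""}`.toLowerCase();
  return OTP_KEYWORDS.find((kw) => haystack.includes(kw)) || null;
}

// Collect every candidate field together with the keyword that matched.
function findOtpCandidates(fields) {
  return Array.from(fields)
    .map((field) => ({ field, keyword: matchKeyword(field) }))
    .filter((c) => c.keyword !== null);
}

// Assumption of this example: fill only when exactly one field matches,
// so an accidental substring match never silently receives the token.
function pickOtpField(fields) {
  const candidates = findOtpCandidates(fields);
  return candidates.length === 1 ? candidates[0].field : null;
}

// Constructed sample forms (plain objects standing in for <input> elements).
const loginForm = [
  { type: "text", id: "username", name: "user" },
  { type: "password", id: "pwd", name: "password" },
  { type: "text", id: "mfaCode", name: "code" },
];
const ambiguousForm = [
  { type: "text", id: "otp_input", name: "otp" },
  { type: "text", id: "hotpoint_model", name: "model" }, // contains "otp" by accident
];

console.log(pickOtpField(loginForm));     // the mfaCode field
console.log(pickOtpField(ambiguousForm)); // null: two matches, do not fill
```

In a page context the same function accepts `document.querySelectorAll("input")`, since it only reads each element's `type`, `id` and `name`.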

About dor1an project

dor1an is a patent pending secrets management suite designed to facilitate secure and efficient management of sensitive information, such as tokens and passwords.

It employs bidirectional camera-to-screen communication to enhance usability without compromising security. By integrating innovative technology with practical application, dor1an offers a novel approach to balancing the challenges of accessibility and protection in secrets management.