Hi all — it looks like this repo hasn't seen much activity in a while, so I went ahead and forked it: OTPilot Authenticator
On top of the original extension, it adds:
- Encrypted cloud backup — Dropbox, using OAuth Authorization Code + PKCE (no client secret ever shipped in the extension), gated behind a master password
- Advisor — security suggestions for your accounts (e.g. flags weak/duplicate setups)
- Host-bound autofill — codes only autofill when the site matches the account's saved host
- A redesigned import flow and a token-based (CSS custom properties) design system for the UI
A note on backup providers: I initially planned Google Drive support too, but had to drop it. chrome.identity.getAuthToken is blocked for this use case by Google's 2023 restriction on custom-URI-scheme redirects, and Google's token endpoint still requires a client secret even with PKCE — so a "Google Drive + no backend server + zero secrets in the extension" combination isn't achievable. Since keeping the extension backend-less and secret-free was a hard requirement for me, Dropbox (which supports PKCE without a secret) was the only provider that fit. OneDrive is currently disabled as well, but I may revisit adding it back in the future.
It's a straight fork, not a rewrite — same core OTP engine, and all credit for the original work goes to this project. Happy to answer questions or take feedback if anyone tries it out.
** OTPilot Authenticator(已上架 Chrome Web Store)**
大家好,看這個 repo 一陣子沒什麼動靜了,所以我自己 fork 了一份:OTPilot Authenticator
在原版基礎上加了幾個功能:
- 加密雲端備份——Dropbox,用 OAuth Authorization Code + PKCE(擴充內完全不含 client secret),需先設定主密碼才能用
- Advisor——帳號安全建議(例如提示弱密碼/重複設定)
- Host-bound autofill——只有網站 host 跟帳號存的一致才會自動帶入驗證碼
- 匯入流程重新設計,UI 改用 CSS custom properties 的 design token 系統
備份服務商補充說明:一開始也有計劃支援 Google Drive,但後來放棄了。原因是 chrome.identity.getAuthToken 被 Google 2023 年對 custom-URI-scheme redirect 的限制擋死,而且 Google 的 token endpoint 即使用 PKCE 仍然強制要求 client secret——所以「Google Drive + 不架後端 + 擴充內零 secret」這個組合做不到。因為「不架後端、零 secret」對我來說是硬性要求,Dropbox(PKCE 免 secret)就成了唯一符合條件的服務商。OneDrive 目前也是停用狀態,但未來可能會考慮加回去。
這是單純的 fork,不是重寫,核心 OTP 邏輯沿用原專案,所有原創功勞歸於原作者。歡迎大家試用後提供意見。
Hi all — it looks like this repo hasn't seen much activity in a while, so I went ahead and forked it: OTPilot Authenticator
On top of the original extension, it adds:
A note on backup providers: I initially planned Google Drive support too, but had to drop it.
chrome.identity.getAuthTokenis blocked for this use case by Google's 2023 restriction on custom-URI-scheme redirects, and Google's token endpoint still requires a client secret even with PKCE — so a "Google Drive + no backend server + zero secrets in the extension" combination isn't achievable. Since keeping the extension backend-less and secret-free was a hard requirement for me, Dropbox (which supports PKCE without a secret) was the only provider that fit. OneDrive is currently disabled as well, but I may revisit adding it back in the future.It's a straight fork, not a rewrite — same core OTP engine, and all credit for the original work goes to this project. Happy to answer questions or take feedback if anyone tries it out.
** OTPilot Authenticator(已上架 Chrome Web Store)**
大家好,看這個 repo 一陣子沒什麼動靜了,所以我自己 fork 了一份:OTPilot Authenticator
在原版基礎上加了幾個功能:
備份服務商補充說明:一開始也有計劃支援 Google Drive,但後來放棄了。原因是
chrome.identity.getAuthToken被 Google 2023 年對 custom-URI-scheme redirect 的限制擋死,而且 Google 的 token endpoint 即使用 PKCE 仍然強制要求 client secret——所以「Google Drive + 不架後端 + 擴充內零 secret」這個組合做不到。因為「不架後端、零 secret」對我來說是硬性要求,Dropbox(PKCE 免 secret)就成了唯一符合條件的服務商。OneDrive 目前也是停用狀態,但未來可能會考慮加回去。這是單純的 fork,不是重寫,核心 OTP 邏輯沿用原專案,所有原創功勞歸於原作者。歡迎大家試用後提供意見。