Authlet

A Bookmarklet For Two-Step Authentication


Authlet is a browser bookmarklet designed to provide you with the authentication code for a specific website requiring two-step authentication. You'd normally use an app like Google Authenticator to generate these codes; Authlet allows you to use a bookmarklet from your browser itself and have the passcode pop up in an alert or fill an input box that you've clicked on.

Motivation

As a recent admit to one certain university, I was quickly faced with the daunting, annoying prospect of using the beast that is two-step authentication. To be clear, I don't think it's an entirely unnecessary precaution in the threat-filled internets of today: it's just an annoyance. Authlet is for anyone who doesn't want to pull out their phone and pull up an app just to see their web mail.

Security

By its very nature, Authlet attenuates the purpose of two-step authentication by making it easier to gain access to the second step in two-step, but only if someone has gained physical access to your computer. Please use Authlet with care and always heed the warnings of your institution's security geeks; I'm not responsible for any trouble related to your use of this bookmark. That being said, I think there's comparatively little to worry about for anyone who exercises good judgment with their credentials. As Wikipedia notes:

In the case of a lost ATM card, the user's accounts are still safe; anyone who finds the card cannot withdraw money as they do not know the PIN. The same is true if the attacker has only knowledge of the PIN and does not have the card. This is what makes two-factor verification more secure: there are two factors required in order to authenticate.

As such, you're screwed, if you'll pardon my language, whether someone steals your authenticating laptop or smartphone, but you're not as screwed if they don't also have your password: a good reason not to save your credentials anywhere that isn't encrypted. In fact you might argue that it's marginally easier to pilfer your mobile devices. Maybe I'm wrong, but one of the only negative instances I can imagine would be if someone installed malicious tracking software on a computer using Authlet. You'd be screwed anyway if that were the case.

Customize

You will need your authentication key to create an Authlet for a particular website. This usually comes in the form of a text-based string of letters and numbers that you are instructed to enter into an app like Google Authenticator; many sites like Dropbox refer to this sequence as your secret key. If you are instead presented with only a QR code and no option to get a text-based key, simply download the QR code image and use any one of many free QR decoding services available online. I strongly suggest that you first install authentication with your phone alongside Authlet. Please enter your key in the input box below and hit submit.

Authlet

The link generated by the input box is your personal Authlet! Drag it to your toolbar or right click it and bookmark it for future use. Please remember to test your Authlet by clicking on the link here first! The next time you navigate to the given login site, simply click inside the passcode input box and then your Authlet. If you don't click on the input box, that's also okay; your passcode will pop up as an alert in your browser.
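What a code generator of this kind computes from the secret key, as an added example that is not Authlet's own code: it assumes the standard TOTP parameters used by Google Authenticator-style apps (RFC 6238 with HMAC-SHA1, a 30-second step and 6 digits), runs under Node.js, and uses hypothetical function names and the RFC 6238 test secret as constructed sample input. Because the secret alone determines every code, a bookmark that embeds it carries the same weight as the phone app it replaces.

```javascript
// Added example (not Authlet's code): RFC 6238 TOTP with the defaults that
// Google Authenticator-style apps use. Function names are hypothetical.
const crypto = require('node:crypto');

// Decode the base32 "secret key" a site shows during two-step enrollment.
function base32Decode(text) {
  const alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
  const bytes = [];
  let buffer = 0, bits = 0;
  for (const ch of text.toUpperCase().replace(/[\s=-]/g, '')) {
    const value = alphabet.indexOf(ch);
    if (value < 0) throw new Error('invalid base32 character: ' + ch);
    buffer = (buffer << 5) | value;
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      bytes.push((buffer >>> bits) & 0xff);
      buffer &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return Buffer.from(bytes);
}

// Read the secret from the otpauth:// URI that an enrollment QR code encodes.
function secretFromOtpauthUri(uri) {
  if (!uri.startsWith('otpauth://totp/')) throw new Error('not a TOTP URI');
  const secret = new URL(uri).searchParams.get('secret');
  if (!secret) throw new Error('URI carries no secret parameter');
  return secret;
}

// HMAC over the time-step counter, then dynamic truncation (RFC 4226).
function totp(secretBase32, unixSeconds, digits = 6, step = 30) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(unixSeconds / step)));
  const mac = crypto.createHmac('sha1', base32Decode(secretBase32))
    .update(counter).digest();
  const offset = mac[mac.length - 1] & 0x0f; // low nibble picks the window
  const binary = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(binary % 10 ** digits).padStart(digits, '0');
}

// Constructed sample: the RFC 6238 test secret "12345678901234567890".
const SAMPLE_URI =
  'otpauth://totp/Example:alice?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ';
console.log(totp(secretFromOtpauthUri(SAMPLE_URI), Date.now() / 1000));
```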

Contribute

Authlet was an afternoon project born of impatience and I don't intend to develop this very significantly. If you have an idea or feature suggestion, please feel free to contribute to this project's GitHub repository! Likewise, please let me know if you found Authlet useful.