2fauth

2fauth

Official

Docker app from A75G's Repository

Overview

A web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes Before running container Unraid CLI mkdir /mnt/user/appdata/2fauth chown 1000:1000 /mnt/user/appdata/2fauth Register first username for admin user More info in https://github.com/Bubka/2FAuth/blob/master/docker/docker-compose.yml and advanced

2FAuth

Docker build status https://codecov.io/gh/Bubka/2FAuth https://github.com/Bubka/2FAuth/blob/master/LICENSE

A web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes

screens

2FAuth Demo
Credentials (login - password) : demo@2fauth.app - demo

Purpose

2FAuth is a web based self-hosted alternative to One Time Passcode (OTP) generators like Google Authenticator, designed for both mobile and desktop.

It aims to ease you perform your 2FA authentication steps whatever the device you handle, with a clean and suitable interface.

I created it because :

  • Most of the UIs for this kind of apps show tokens for all accounts in the same time with stressful countdowns (in my opinion)
  • I wanted my 2FA accounts to be stored in a standalone database I can easily backup and restore (did you already encountered a smartphone loss with all your 2FA accounts in Google Auth? I did...)
  • I hate taking out my smartphone to get an OTP when I use a desktop computer
  • I love coding and I love self-hosted solutions

Main features

  • Manage your 2FA accounts and organize them using Groups
  • Scan and decode any QR code to add account in no time
  • Add custom account without QR code thanks to an advanced form
  • Edit accounts, even the imported ones
  • Generate TOTP and HOTP security codes and Steam Guard codes

2FAuth is currently fully localized in English and French. See Contributing if you want to help on adding more languages.

Security

2FAuth provides several security mechanisms to protect your 2FA data as best as possible.

Single user app

You have to create a user account and authenticate yourself to use the app. It is not possible to create more than one user account, the app is thought for personal use.

Modern authentication

You can sign in 2FAuth using a security key like a Yubikey or a Titan key and disable the traditional login form.

Data encryption

Sensitive data stored in the database can be encrypted to protect them against db compromise. Encryption is provided as an option which is disabled by default. It is strongly recommended to backup the APP_KEY value of your .env file (or the whole file) when encryption is On.

Auto logout

2FAuth automatically log you out after an inactivity period to prevent long life session. The auto logout can be deactivated or triggered when a security code is copied.

RFC compliance

2FAuth generates OTP according to RFC 4226 (HOTP Algorithm) and RFC 6238 (TOTP Algorithm) thanks to Spomky-Labs/OTPHP php library.

Requirements

Installation guides

Upgrading

Migration

2FAuth supports importing from the following formats: 2FAuth (JSON), Google Auth (QR code), Aegis Auth (JSON, plain text), 2FAS Auth (JSON)

Contributing

You can contribute to 2FAuth in many ways:

License

AGPL-3.0

Install 2fauth on Unraid in a few clicks.

Find 2fauth in Community Apps on your Unraid server, review the template, and click Install. Unraid handles the Docker app or plugin setup from the published template.

Open the Apps tab on your Unraid server Search Community Apps for 2fauth Review the template variables and paths Click Install

Requirements

Read Overview

Categories

Download Statistics

1,954,030
Total Downloads
116,080
This Month
92,731
Avg / Month

Total Downloads Over Time

Loading chart...

Related apps

Explore more like this

Explore all

Details

Repository
2fauth/2fauth:latest
Last Updated2026-06-28
First Seen2022-01-23

Runtime arguments

Web UI
http://[IP]:[PORT:8000]/
Network
bridge
Shell
sh
Privileged
false

Template configuration

PortPorttcp
Target
8000
Value
8805
Appdata PathPathrw
Target
/2fauth
Value
/mnt/user/appdata/2fauth/
APP_NAMEVariable

You can change the name of the app

Value
2FAuth
SITE_OWNERVariable

This should be your email address

Value
mail@example.com
APP_KEYVariable

The encryption key for our database and sessions. Keep this very secure.

Value
SomeRandomStringOf32CharsExactly
APP_URLVariable

This variable must match your installation's external address.

Value
http://Unraid_IP:8805
APP_ENVVariable
Value
local
APP_DEBUGVariable
Default
false|true
Value
false
LOG_CHANNELVariable
Value
daily
LOG_LEVELVariable
Default
info|debug|notice|warning|error|critical|alert|emergency
Value
info
DB_DATABASEVariable

Database config (can only be sqlite)

Value
/srv/database/database.sqlite
CACHE_DRIVERVariable
Value
file
SESSION_DRIVERVariable
Value
file
MAIL_DRIVERVariable
Value
log
MAIL_HOSTVariable
Value
smtp.mailtrap.io
MAIL_PORTVariable
Value
2525
MAIL_USERNAMEVariable
Value
null
MAIL_USERNAMEVariable
Value
null
MAIL_PASSWORDVariable
Value
null
MAIL_ENCRYPTIONVariable
Value
null
MAIL_FROM_NAMEVariable
Value
null
MAIL_FROM_ADDRESSVariable
Value
null
MAIL_VERIFY_SSL_PEERVariable
Default
true|false
Value
true
THROTTLE_APIVariable

Set to null to disable the API throttling.

Value
60
LOGIN_THROTTLEVariable

This setting applies to both email/password and webauthn login attemps.

Value
5
AUTHENTICATION_GUARDVariable
Default
web-guard|reverse-proxy-guard
Value
web-guard
AUTH_PROXY_HEADER_FOR_USERVariable
Value
null
AUTH_PROXY_HEADER_FOR_EMAILVariable
Value
null
PROXY_LOGOUT_URLVariable
Value
null
WEBAUTHN_NAMEVariable
Value
null
WEBAUTHN_IDVariable
Value
null
WEBAUTHN_ICONVariable
Value
null
WEBAUTHN_USER_VERIFICATIONVariable
Default
preferred|required|discouraged
Value
preferred
TRUSTED_PROXIESVariable
Value
*
PROXY_FOR_OUTGOING_REQUESTSVariable
Value
null