OTPilot Authenticator generates 2-Step Verification (OTP) codes in your browser.
Install from the Chrome Web Store
This is a fork of Authenticator-Extension/Authenticator (source of this fork). On top of upstream, this fork adds:
- Encrypted cloud backup to Dropbox — OAuth Authorization Code + PKCE via
chrome.identity.launchWebAuthFlow; no client secret ships in the extension. (Google Drive backup was removed in 2026-07; OneDrive is a disabled placeholder.) - Advisor — security recommendations for your accounts.
- Host-bound autofill — codes are only injected when the page host matches the account.
- Redesigned import flow and a CSS custom-property design system (
sass/_tokens.scss).
# install dependencies (~2 min, downloads puppeteer Chromium)
npm ci
# build for a target
npm run [chrome, firefox, edge, prod]Notes:
- Build output goes to
chrome/(bundles underchrome/js/); these directories are gitignored. npm run prodaborts ifsrc/models/credentials.tsis empty (OAuth credentials are kept out of the repo).chrome/testbuilds only warn — everything works except live cloud backup.- Windows: builds run through
bash scripts/build.sh, so use a full Git Bash (with complete coreutils). Runningnpm testfrom plain PowerShell fails with'bash' is not recognized.
# watch build
npm run dev:chrome
# then load the unpacked extension from the `chrome/` directorynpm testRuns the extension in a real browser via puppeteer with in-browser mocha (headless: false, so a GUI is required).
_locales/en/messages.json is the source of truth for keys. Crowdin is no longer used; other locales are maintained by hand. All locales must have the exact same key set as en, enforced by:
node scripts/check-i18n.jsWe would like to extend our heartfelt thanks to Laurent, the Chief Information Security Officer (CISO) of the University of Luxembourg, and the university's information security team for their invaluable security recommendations to the upstream project.