OTP Autofill Authenticator

Detects login + 2FA forms and autofills TOTP codes. Two-step email flow, QR scan, encrypted vault, otpauth import/export.

Tired of reaching for your phone every time a site asks for a 2FA code? OTP Autofill Authenticator generates TOTP codes right in Chrome and types them into the verification screen for you — securely. HOW IT WORKS 1. Add your accounts: scan a QR code (on any page or from an image file), paste an otpauth:// link, or type the secret manually. 2. Log in as usual. The extension detects the 2FA screen and fills the right code for the right account — it even remembers which email you used on each site, so two-step flows pick the correct account automatically. 3. The first time on a new site you approve it with one click. After that, codes fill automatically — but only on sites you approved. SECURITY FIRST • Optional master password: your secrets are encrypted at rest with AES-256-GCM (PBKDF2-SHA256, 600,000 iterations). Unlock once per browser session, with optional auto-lock. • Secrets never touch web pages: pages only ever receive a single 6-digit code, and only on domains you approved. Cross-site iframes get nothing. • Anti-phishing matching: an account tied to github.com will never fill on github.evil.com. • Encrypted, passphrase-protected backups — plaintext export only behind an explicit warning. • Copied codes are wiped from your clipboard after 45 seconds. • 100% local: no servers, no sign-up, no telemetry, no analytics. Open source. WORKS EVERYWHERE • Single code fields, 6-box grids, and hidden-input OTP widgets • Shadow DOM and single-page apps • Two-step logins (email first, code later) — even when the OTP screen shows no email field • Keyboard shortcut: Ctrl+Shift+9 IMPORT / EXPORT • otpauth:// URIs, JSON, QR codes, Google Authenticator-style per-account QRs • Duplicate-aware import with override • Encrypted backup file you can restore on any machine OPEN SOURCE Code, issues and security notes: https://github.com/deivid11/otp-autofill-chrome-extension