Show HN: Auto-OTP: automatically send and receive OTPs, end-to-end encrypted
auto-otp.com
Hi HN. My name is Apoorve, I am a 23-year-old undergraduate student.
I share a lot of internet accounts (Netflix, prime etc.) with my friends and family, and recently have been in OTP (one-time-password) hell. I built Auto-OTP to securely send and receive OTPs from people I trust.
This is mostly meant as a beta release so please do check it out and share your feedback :)
I built something similar with Shortcuts or whatever the iOS automation thing is called.
1. Receive OTP
2. Launch automation which posts entire message content to URL
3. Broadcast message to other people in my circle.
It works fine so long as my OTPs arrive correctly.
Hey, that’s pretty cool!
I have a question about your method - Are all messages broadcast to the server? If only the ones with an OTP, are OTP messages for all apps broadcast to those people?
In Auto-OTP, the OTP can be forwarded to different people app-wise. For example, you may choose who should receive the OTP for app1, who receives for app2 etc.
I have a rule which searches for the keyword OTP in incoming SMSes so not all messages get forwarded.
With this Shortcut, where information is posted to a URL, iOS requires the user to click okay to execute the action. So, you still have control on whether a message gets broadcast or not.
E.g., if a friend messages me asking “hey, did you get the OTP?”, my shortcut will prompt me to broadcast the SMS via the url but I can choose not to.
Oh, that's amazing! Thanks for the reply :)
Can someone explain what the use case for this is?
I clearly am not the target audience as I've never forwarded an OTP... but I'm curious what other people are doing that makes this needed.
Hey!
The primary use case is for multiple people wanting to access an account that is behind 2FA.
Examples of such folks are - 1) My dad wanting to access my bank account details without having to trouble me 2) Me wanting to log in to my brother’s OTT accounts (hotstar, prime etc.) 3) CAs needing bank access for small business owners
Feedback: The "Lifetime" pricing shows "$90/mo". I suspect this is supposed to be "$90", but I'm not certain.
Thanks so much, fixed it! :)
You should probably define "OTP" somewhere on the page. Maybe just spell it out "One Time Password (OTP)" the first time you use it.
Thanks for the feedback! I feel so dumb, gonna fix first thing in the morning :)
So this automatically degrades 2-factor to… 1 factor again. The security model doesn’t instill a lot of confidence in me, being that you expect user-interaction as a means of security. It’s already bad enough people are tying their OTP with their credentials in password managers…
It’s still 2 factor, just that a few permitted people have access to the one time password. It’s identical to manually sharing the OTP, just automated.
> The security model doesn’t instill a lot of confidence in me, being that you expect user-interaction as a means of security.
Could you please elaborate on what this means?
They are describing a trend where security is omitted or skipped because it’s inconvenient. Even though OTP is used to increase security, it’s inconvenient for people so they go around it like this.
Seems like a very useful product. Will give it a try
Thanks a lot! Looking forward to your feedback