[feature] add TOTP two-factor authentication (2FA) (#3960)

* [feature] add TOTP two-factor authentication (2FA) * use byteutil.S2B to avoid allocations when comparing + generating password hashes * don't bother with string conversion for consts * use io.ReadFull * use MustGenerateSecret for backup codes * rename util functions
author: tobi <31960611+tsmethurst@users.noreply.github.com> 2025-04-07 16:14:41 +0200
committer: GitHub <noreply@github.com> 2025-04-07 16:14:41 +0200
commit: 365b5753419238bb96bc3f9b744d380ff20cbafc (patch)
tree: 6b8e8b605c4cddeb6e3bc0f574ffbc856657e56c /README.md
parent: [bugfix] Don't assume `"manuallyApprovesFollowers": true` if not set (#3978) (diff)
download: gotosocial-365b5753419238bb96bc3f9b744d380ff20cbafc.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/README.md b/README.md
index 5e9172926..23209336d 100644
--- a/README.md
+++ b/README.md
@@ -231,6 +231,7 @@ Simply download the binary + assets (or Docker container), tweak your configurat
 - [Import, export](https://docs.gotosocial.org/en/latest/admin/settings/#importexport), and [subscribe](https://docs.gotosocial.org/en/latest/admin/domain_permission_subscriptions) to community-created domain allow and domain block lists.
 - HTTP signature authentication: GoToSocial requires [HTTP Signatures](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12) when sending and receiving messages, to ensure that your messages can't be tampered with and your identity can't be forged.
 - Built-in, automatic support for secure HTTPS with [Let's Encrypt](https://letsencrypt.org/).
+- Support for two-factor authentication via time-based one-time passwords (Google authenticator, LastPass authenticator, etc).
 
 ### Various federation modes
 
@@ -426,6 +427,7 @@ The following open source libraries, frameworks, and tools are used by GoToSocia
 - [mvdan.cc/xurls](https://github.com/mvdan/xurls); URL parsing regular expressions. [BSD-3-Clause License](https://spdx.org/licenses/BSD-3-Clause.html).
 - [oklog/ulid](https://github.com/oklog/ulid); sequential, database-friendly ID generation. [Apache-2.0 License](https://spdx.org/licenses/Apache-2.0.html).
 - [open-telemetry/opentelemetry-go](https://github.com/open-telemetry/opentelemetry-go); OpenTelemetry API + SDK. [Apache-2.0 License](https://spdx.org/licenses/Apache-2.0.html).
+- [pquerna/otp](https://github.com/pquerna/otp); One Time Password utilities. [Apache-2.0 License](https://spdx.org/licenses/Apache-2.0.html).
 - spf13:
   - [spf13/cobra](https://github.com/spf13/cobra); command-line tooling. [Apache-2.0 License](https://spdx.org/licenses/Apache-2.0.html).
   - [spf13/viper](https://github.com/spf13/viper); configuration management. [Apache-2.0 License](https://spdx.org/licenses/Apache-2.0.html).
author	tobi <31960611+tsmethurst@users.noreply.github.com>	2025-04-07 16:14:41 +0200
committer	GitHub <noreply@github.com>	2025-04-07 16:14:41 +0200
commit	365b5753419238bb96bc3f9b744d380ff20cbafc (patch)
tree	6b8e8b605c4cddeb6e3bc0f574ffbc856657e56c /README.md
parent	[bugfix] Don't assume `"manuallyApprovesFollowers": true` if not set (#3978) (diff)
download	gotosocial-365b5753419238bb96bc3f9b744d380ff20cbafc.tar.xz