didismusings.com

Exciting New 2FA App: Check 'em – A Unique Approach to Security

Written on

Chapter 1: The Inspiration Behind Check 'em

If you're an app enthusiast but dislike lengthy texts, feel free to jump straight to downloading Check 'em: The Based 2FA App today! Nostalgic for the early 2010s internet days, I fondly recall the chaotic yet thrilling environment of imageboards like 4chan, which served as a final frontier before the online landscape changed drastically.

One of the enduring memes was the "GET," where users took pride in predicting their randomly generated post IDs containing intriguing number sequences. Nowadays, with the mainstream crowd all grown up and busy, the closest experience to that excitement is through multi-factor authentication codes.

If you're familiar, you understand the monotony of repeatedly authenticating your bank, email, or cloud services. Yet, there’s a delightful spark when you receive a unique number like 787000 or 123450.

This sparked an idea. MFA codes employ a well-known algorithm that refreshes every 30 seconds, exposing us to only a fraction of the possible interesting sequences available in our 6-digit authentication codes.

My vision was straightforward: What if your 2FA app notified you every time an intriguing number was generated?

The Proof of Concept

To assess whether this could work, I focused on a few key components:

  1. Generate 2FA secret keys.
  2. Produce 6-digit 2FA codes locally.
  3. Dispatch push notifications for notable sequences like quads, quints, and sextuples.

The Minimum Viable Product

If the idea of receiving notifications for captivating 2FA codes proved effective, I could develop a full-fledged app with essential features, including:

  • Capturing 2FA secrets via the camera.
  • Managing multiple 2FA codes.
  • Allowing users to select which patterns they want to track.

While many dismissed my idea, a few recognized its potential.

Building the Proof of Concept

TOTP (Time-based One-Time Password) is a straightforward method combining two elements: a secret key and the current time, specifically the number of 30-second intervals since Unix time. An algorithm hashes these inputs to generate the familiar 6-digit codes, a process well-supported in Apple's CryptoKit.

To validate this functionality, I set up 2FA on my Google account, displaying the secret in my app using the algorithm. After some hassle with base32 to base64 conversion, I successfully confirmed my 2FA setup.

The first video titled "What's the Best Two-Factor App?" provides an insightful overview of various 2FA applications and their features.

The next step involved generating notifications for these codes.

App Limitations

One significant limitation is our mobile device's constraints. We can't maintain a background process for ongoing 2FA generation, nor store user secrets on a backend server. Therefore, we need to be clever: precompute future 2FA codes and schedule notifications to appear when they are generated in real-time.

With only 64 notifications allowed on iOS, we can optimize our strategy by:

  • Saving notifications that prompt users to revisit the app.
  • Encouraging users to re-enter the app through notification taps, which will trigger a recomputation of the 2FA codes.

With a clear plan in place, it was time to begin building.

Finding Our First GETs

Let’s enhance our 2FA codes by pre-computing numerous codes and implementing a regex to identify "GETs" worthy of checking. My SwiftUI view can conveniently showcase these codes, utilizing a UICollectionView-backed List for optimal performance.

struct ContentView: View {

var body: some View {

List {

ForEach(makeOTPs(), id: .self) {

Text($0)

.fontDesign(.monospaced)

.font(.title)

.kerning(4)

}

.frame(maxWidth: .infinity)

}

}

func makeOTPs() -> [String] {

(0..<10_000).map {

otpCode(increment: $0)

}

}

}

It's looking promising so far.

Initial List of 2FA Codes

Next, we can incorporate a simple regex evaluator to check for trips—TOTP codes with three consecutive digits, like 120333.

extension String {

func checkThoseTrips() -> Bool {

(try? /(d)11/.firstMatch(in: self)) != nil

}

}

Adding a font weight modifier to our Text views will help identify these GETs while scrolling.

Text($0)

.fontWeight($0.checkThoseTrips() ? .heavy : .light)

Check those trips!

Generating Rare GETs

To find rare codes, we adjust our OTP generation to return both the code and its corresponding date.

struct OTP {

let date: Date

let code: String

}

func otpCode(date: Date = Date(), increment: Int = 0) -> OTP {

// code implementation

}

Testing this by generating numerous codes and searching for unique GETs led to some exciting results!

Scheduling Notifications

Now that we know when these interesting codes will appear, we want to queue up a push notification to capture them live.

private func createNotification(for otp: OTP) {

// notification scheduling implementation

}

These notifications are scheduled after generating interesting codes, leading to some thrilling alerts when they align in real life!

The App's Evolution

This app has now evolved beyond a mere random number generator; it effectively signs into my Google account.

Interestingness

To classify different types of interesting numbers, we need to define "interestingness," covering several potential sequences, such as:

  • Repeated numbers
  • Consecutive digits
  • Other mathematically intriguing numbers (e.g., pi or e)
  • Palindromes

We can categorize these as enum cases associated with each OTP we generate.

enum Interestingness {

case sexts

case quints

case quads

}

After refining my proof of concept, I was left with a robust app that captures 2FA secrets, generates codes every 30 seconds, and sends notifications for notable patterns.

Building the Minimal Viable Product

After using the app with its core functionalities for a few days, I realized its potential. Now, it’s time to enhance the app with additional features, including:

  • Scanning 2FA QR codes and securing them in the keychain.
  • Displaying and managing multiple 2FA accounts in the UI.
  • Allowing users to select the numbers they find interesting.
  • Expanding the variety of interestingness.

Human Interface Guidelines

I intend to keep the design straightforward, leveraging standard Apple List view components to ensure accessibility and usability.

Scanning 2FA Secrets

Utilizing open-source libraries such as CodeScanner for QR code scanning and KeychainAccess for securely storing 2FA secrets will streamline development.

otpauth://totp/Google%3Atest%40gmail.com?secret=bv7exx7sltbcqffec1qyxscueydwsu5h&issuer=Google

This makes adding accounts to the app a breeze!

Picking Your Preferred Numbers

By employing SwiftUI's @AppStorage and utilizing Toggles, I can create a user settings screen for selecting numbers of interest.

Belated Customer Research

As an indie developer, I decided to explore existing 2FA apps for inspiration. Surprisingly, many were filled with aggressive paywalls, making my app stand out.

Multiple 2FA Accounts

Supporting multiple 2FA accounts is crucial for users with various logins. Additionally, I updated my keychain code to scan multiple QR codes, securely storing account data.

Synchronizing with iCloud ensures accounts sync across all Apple devices, while I learned to store entire Account objects in the keychain.

Finding Account Icons

To enhance the user experience, I implemented a Google API to fetch FavIcons for each account.

Polishing the UI

With some basic UI work and optimizations, the app is functioning well.

Making the App More Interesting

I introduced various interestingness options to elevate the app's core value proposition.

Probability Theory

To determine the probabilities of each rarity level, I calculated the expected occurrences of specific sequences.

Improving Performance

As processing time increased with rare GETs, I invoked chunking for efficient computation and notification scheduling using Combine.

The App Icon

I aimed to use the iconic "Check 'em!" meme for the app icon but faced copyright concerns.

Final Touches

Before launch, I compiled a list of improvements and bug fixes to enhance the app's performance and user experience.

Collections

To incentivize user interaction, I created a collection feature to store interesting codes.

Haptics

Implementing subtle haptic feedback enhanced user engagement.

The Duplication Bug

I fixed a bug that allowed duplicate accounts during QR scanning with a simple code adjustment.

Codes Not Loading

I resolved issues with codes not queuing properly by ensuring initial defaults were set.

TipKit

Utilizing iOS 17's TipKit provided guidance for first-time users.

The Store Listing

With everything in place, I set up the store listing and prepared for launch.

Download Check 'em: The Based 2FA App today!

Conclusion

Thank you for following my journey! This project has been incredibly rewarding, combining my love for pattern recognition with technical challenges. As I focus on performance for future releases, I welcome feedback and suggestions for numbers you'd like to see. If there's interest in an Android version, I'm open to sharing my source code!

Share the page:

Twitter Facebook Reddit LinkIn

-----------------------

Recent Post:

# Embracing a Life Beyond Ego: The Path to True Liberation

Explore how transcending ego can lead to a more fulfilling life, free from emotional clutter and self-victimization.

Embracing Change: Navigating Life's Unexpected Turns

Discover how to adapt and thrive when plans go awry through a personal story.

Unlocking Steady Income: Practical Ways to Earn Online

Discover legitimate methods to earn online, exploring various opportunities to generate income effectively.

Revolutionizing Communication: How Neuralink May Transform Tech

Explore how Elon Musk's Neuralink could reshape communication and the smartphone industry, bringing innovative changes to technology.

The Search for Extraterrestrial Intelligence: Are We Alone?

An exploration of the Anthropic Principle and the search for intelligent life beyond Earth.

The Emotional Journey of Unrequited Love in Chapter 3

A deep exploration of unreciprocated feelings, longing, and the beauty of love captured in a moment.

Promising Advances in Chlamydia Vaccine Clinical Trials

An update on chlamydia vaccine trials reveals promising results, emphasizing the importance of awareness and education about STIs.

Solving the Intriguing Logic Puzzle: A Journey with Matt, Can, and Cheat

Discover the captivating logic puzzle featuring Matt, Can, and Cheat, blending storytelling with algebraic reasoning.