Python • Flask/Tkinter • pyotp • SMTP/Twilio • SQLite
Two-Factor Authentication (2FA) — Time-Limited OTP via Email/SMS
Stop account takeovers with OTP-based second step. Secure generation, auto-expiry, and HMAC/pyotp validation — ready to plug into web or desktop logins.
- ✓ 6-digit OTP with secure RNG & configurable TTL
- ✓ Email (SMTP) and SMS (Twilio) delivery options
- ✓ SQLite logs, rate-limit, and lockout policies
Delivery in 3–5 days • Pan-India support
1. Introduction
The Two-Factor Authentication (2FA) System Using OTP is a Python project that adds a dynamic, time-limited One-Time Password to standard username/password logins. OTPs are generated with cryptographically secure methods and delivered via Email (SMTP) or SMS (Twilio). Only users who both know the password and possess the OTP can log in, defeating credential leaks and password reuse.
2. Existing System vs Proposed System
Existing System
- Single-layer username/password only.
- Vulnerable to brute-force, phishing, reuse.
- No time-bound verification step.
Proposed System
- Two-step verification with Email/SMS OTP.
- OTPs auto-expire (e.g., 2 minutes).
- Secure token generation (secrets/pyotp + HMAC).
- Works with web and desktop apps.
3. Working
- User Login Attempt: Enter username & password.
- Step 1 Validation: Credentials checked in DB.
- OTP Generation: Secure 6-digit code created.
- OTP Delivery: Sent via Email (SMTP) or SMS (Twilio).
- Step 2 Verification: User inputs OTP in UI.
- Access: Granted if OTP matches and is within expiry; else denied.
4. Technology Stack
- Language: Python
- Libraries: smtplib, pyotp, secrets/random, time, Flask/Tkinter, hashlib
- Backend: SQLite3 (users, OTP logs, timestamps)
- APIs: Twilio (SMS), SMTP (Email)
- Security: SHA-256 password hashing, HMAC/pyotp OTP validation, rate limiting
5. Modules
User Authentication
Password check + lockouts.
- SHA-256 hashing
- Brute-force limits
OTP Generation
Secure, time-bound codes.
- pyotp/TOTP or random
- TTL/expiry logic
OTP Delivery
Email or SMS.
- SMTP templates
- Twilio API
Verification
Validate & expire.
- HMAC/pyotp verify
- Replay protection
Database
Users & logs.
- SQLite schema
- Audit trails
Notification
Success/Failure UX.
- Toast & email alerts
- Admin summaries*
*Optional based on institute requirements.
6. Advantages
- Strong protection against theft/phishing.
- Time-based OTPs with auto-expiry.
- Easy integration into existing logins/APIs.
- Scales from small apps to large user bases.
- Flexible Email/SMS channels.
7. Applications
- Banking, payments, and e-commerce auth.
- Enterprise/government portal logins.
- Education/healthcare systems with sensitive data.
- IoT/smart home secure access.
Python Integration Sketch (Flask + pyotp/SMTP/Twilio)
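```python
import hmac
import secrets
import time

import pyotp

# db, verify_sha256, deny_login, template, send_email_smtp and send_sms_twilio
# are helpers referenced by this sketch and not defined here.
OTP_TTL = 120  # seconds

def start_login(email, password, totp_mode=False):
    # 1) Password check
    user = db.get_user(email)
    if user is None or not verify_sha256(password, user.hash):
        return deny_login()
    # 2) Generate OTP (TOTP or random)
    if totp_mode:
        # Option A: Time-based (pyotp)
        otp_code = pyotp.TOTP(user.secret, interval=OTP_TTL, digits=6).now()
    else:
        # Option B: Random 6-digit
        otp_code = f"{secrets.randbelow(1000000):06d}"
        db.store_otp(user.id, otp_code, expires_at=time.time() + OTP_TTL)
    # 3) Deliver via Email or SMS
    send_email_smtp(user.email, template("Your OTP", otp_code))
    # or
    # send_sms_twilio(user.phone, f"Your OTP is {otp_code}. It expires in 2 minutes.")
    return user

# 4) Verify OTP
def verify_otp(user, input_code, totp_mode=False):
    if totp_mode:
        totp = pyotp.TOTP(user.secret, interval=OTP_TTL, digits=6)
        # valid_window=1 also accepts the adjacent time steps (slight clock skew)
        return totp.verify(input_code, valid_window=1)
    rec = db.fetch_latest_otp(user.id)
    if rec is None:
        return False
    # Constant-time comparison, then expiry check
    same = hmac.compare_digest(rec.code.encode(), input_code.encode())
    return same and time.time() < rec.expires_at

# 5) On success -> create session; else -> log + deny + lockout on retries
```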
Delivery includes Flask/Tkinter UI screens, SQLite schema (users, OTP logs), SMTP & Twilio adapters, rate-limit/lockout policies, email templates, and report-ready docs.
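The random-OTP verification path with the expiry, replay protection and lockout listed under Modules, as an added example that is not part of the kit's code. The table layout, `SERVER_KEY`, `MAX_ATTEMPTS` and the status strings are assumptions made for illustration; the `now` parameter exists only so expiry can be exercised deterministically.

```python
import hashlib, hmac, secrets, sqlite3, time

OTP_TTL = 120                         # seconds, the 2-minute expiry used on this page
MAX_ATTEMPTS = 3                      # assumed lockout threshold
SERVER_KEY = secrets.token_bytes(32)  # assumed per-deployment HMAC key

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE otp (user_id INTEGER PRIMARY KEY, mac BLOB,"
               " expires_at REAL, attempts INTEGER, used INTEGER)")
    return db

def _mac(user_id, code):
    # Store only an HMAC of the code so a leaked table reveals no live OTPs.
    return hmac.new(SERVER_KEY, f"{user_id}:{code}".encode(), hashlib.sha256).digest()

def issue_otp(db, user_id, now=None):
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(1000000):06d}"
    # REPLACE invalidates any earlier code and resets the attempt counter.
    db.execute("REPLACE INTO otp VALUES (?, ?, ?, 0, 0)",
               (user_id, _mac(user_id, code), now + OTP_TTL))
    return code

def verify_otp(db, user_id, input_code, now=None):
    now = time.time() if now is None else now
    row = db.execute("SELECT mac, expires_at, attempts, used FROM otp"
                     " WHERE user_id = ?", (user_id,)).fetchone()
    if row is None:
        return "no_otp"
    mac, expires_at, attempts, used = row
    if used:
        return "replayed"             # single use: a consumed code never works again
    if now >= expires_at:
        return "expired"
    if attempts >= MAX_ATTEMPTS:
        return "locked"               # even the correct code is refused now
    # Count the attempt before comparing so guesses are never free.
    db.execute("UPDATE otp SET attempts = attempts + 1 WHERE user_id = ?", (user_id,))
    if not hmac.compare_digest(mac, _mac(user_id, input_code)):
        return "wrong"
    db.execute("UPDATE otp SET used = 1 WHERE user_id = ?", (user_id,))
    return "ok"
```

With a 6-digit code, the attempt cap is what bounds guessing: three tries per issued code gives a 3-in-1,000,000 chance per OTP, so resend requests need their own rate limit.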
What You Get
| Item | Included | Notes |
|---|---|---|
| Python Source Code | ✅ | Flask/Tkinter + SQLite |
| OTP Engine (pyotp/random) | ✅ | Configurable TTL & length |
| Email/SMS Delivery | ✅ | SMTP + Twilio adapters |
| Security Policies | ✅ | Hashing, HMAC, lockouts |
| Demo Video | ✅ | Setup & working walkthrough |
| Report & PPT | ✅ | College-format templates |
| Support | ✅ | Installation + viva Q&A (1 month) |
FAQs — 2FA Using OTP
We provide resend with cooldown, channel fallback (Email→SMS), and deliverability logs to diagnose issues.
Yes. pyotp supports TOTP (Google Authenticator, Authy). You can enable app-based codes instead of SMS/Email.
SMS is convenient but not perfect. For higher security, prefer TOTP apps or hardware keys. Our kit supports TOTP mode too.
