privacyIDEA is a modular authentication server that can be used to implement 2fa with your existing applications. Can use many different back-ends, from LDAP to Active Directory to flat files. Has a self-service portal for users. Policies enforce different requirements on groups. Supports HOTP, TOTP, SafeNet, eToken Pass, Safeword, OTP cards, Google Authenticator, RADIUS, SMS one-time tokens...
Has a TokenClass which is designed for adding new authentication devices. Has a REST API. Plugins for many services available. Supports detailed audit logging. Supports multiple databases for its datastores. Database contents are AES encrypted.
Github repo: https://github.com/privacyidea/privacyidea
MinTOTP is a Python tool that can be used to generate TOTP values from a secret key. Additionally, it exposes its functionality as module-level functions for Python developers. It can be used on any system with Python 3.4 or later installed on it. 30 lines of code (counting empty lines).
An open source server that runs on *NIX machines and as an app for Android devices which generates a one-time password for authentication. Each setup is unique to and configured for your service or app, so it's not possible for someone to authenticate to your application just because they have the same app. Includes a PAM module for restricting access to systems.
How to set up an Ubuntu machine to require Google Authenticator to SSH in.
Several different ways of configuring SSH on servers to use multiple authentication methods in succession for greater security.
3749 links, including 199 private