Small Grant: Decentralized 2FA Authenticator via Sia

Grant Proposal for Decentralized 2FA Authenticator Extension Using Sia

Project Name: Decentralized 2FA Authenticator via Sia

Submitted by:
Nikita Orlov


Project Overview

This project aims to develop a browser extension for secure 2FA (TOTP) management, similar to Google Authenticator — but with a critical difference: secrets are stored client-side and backed up via the decentralized Sia network using a user-provided renterd node. No centralized services are involved.

Users will be able to connect to their own Sia node using a node address and password, then store an encrypted file containing all their TOTP secrets. The extension provides a simple, minimalist UI, allowing users to securely manage and sync their 2FA data across devices without giving up control.


Key Features

  • Browser Extension UI:

    • Add tokens via QR code or manual entry

    • Filter/search through accounts

    • Edit or remove tokens

    • View time-based codes in real time

  • Decentralized Storage via Sia:

    • Local encrypted file holding TOTP entries

    • File uploaded/downloaded from user’s renterd node

  • Secure and Self-Hosted:

    • Node connection using only local credentials

    • No external backend, no tracking


Who Benefits From This Project?

  • Privacy-conscious users who don’t trust centralized 2FA sync tools

  • Self-hosters and developers using Sia

  • Anyone seeking a lightweight, open-source 2FA tool with true data ownership


How Does the Project Serve the Mission of User-Owned Data?

All secrets are encrypted on the client and stored on infrastructure the user controls. The project removes dependency on closed platforms or opaque cloud sync systems, fully aligning with the vision of decentralized, user-owned data.


Grant Specifics

Amount Requested: $7,500 USD

Budget Breakdown:

  1. Extension Development & Sia Integration: $6,500

    • UI/UX, TOTP generation, QR parsing

    • Encrypted storage and renterd integration

    • Search/filtering and sync logic

  2. Infrastructure, Tools, and Publishing: $1,000

    • Node hosting and testing environment

    • Chrome store fees

    • Design, logo, and documentation tools


Timeline (1.5 Months)

  • Week 1–2:

    • Implement core extension (QR scanner, TOTP display, UI layout)

    • Local encrypted storage and account management

  • Week 3–4:

    • Integrate with renterd for uploading/downloading encrypted file

    • Add manual sync flow and caching logic

  • Week 5–6:

    • Full testing (offline/online modes)

    • Final UI polish, documentation, and deployment to stores


Open-Source Commitment

Yes, all code will be released under an open-source license on GitHub.


Progress Reporting

Yes, progress updates will be submitted biweekly during the development period.


Contact Info

Email: [email protected]
Discord: stringnick6408

Hello, glad to see you made a new proposal :).

I personally have no issues against this proposal, though I think it would be a better fit inside a password manager, which has been started at Small Grants SecureSphere: Decentralized Password Management and Breach Monitoring.

You should update the request, though, as the foundation will ask you to use the Zen testnet instead of giving you a subsidy for live testing.

Kudos.


Hi, thanks — I updated the testnet status.
I think this small grant can still help the ecosystem. It’s a simple version of Google Authenticator with limited features.
Right now, I didn’t find a better idea that I can finish before trying a full standard grant.
If you or someone from the team has a better idea for a first project, I’m open to suggestions.


Thanks for your proposal to The Sia Foundation Grants Program.

After review, the committee has decided to reject your proposal citing the following reasons:

  • The committee wasn’t sure about the viability or usefulness of the proposal. Pointing to a user renterd node is exceedingly simple, and paying for additional development beyond that didn’t sit well with them.
  • Typically 2FA is most secure when provided from a second device, not a browser extension of the main computer.
  • Risks must be specified for grant proposals, and there were none here.

We’ll be moving this to the Rejected section of the forum. Thanks again for your proposal, and you’re always welcome to submit new requests if you feel you can address the committee’s concerns.