I made a web extension to provide another 2FA possibility for websites - I would love any thoughts, technical and otherwise

In Summary :

The idea is pretty simple. You install this web extension and then when you go to a website that supports it (there are none yet, I just finished coding the extension), you can enter a secret in the web extension and on the site. Without this secret, you are denied access.Basically what it means is that if you set this up, the only people who will be able to access your account on supported websites is if they are on your device, using a browser with the web extension installed and the secret for the domain saved, or if they steal your secret.The project is at https://github.com/PalFed/2-FactorialTechnically how it works:You put the secret in the extension and on the site (different secrets per site)When you request a page, your browser sends two extra headers, one with a SHA256 hash, one with a saltThe website checks the hash and only allows access if it matches the same hash generated from the website's copy of the secret with the salt.I would love any thoughts as to whether this has value, how it could be improved or made more secure, where it might fail etc. etc. I mostly created it because I have been wanting to learn how to create web extensions, then I had this thought and ran with it! [...]

kindly refer the following link as follow up :
https://ift.tt/2winauX