2fa-totp.md - www.codemadness.org - www.codemadness.org saait content files
This describes how to use 2FA without using crappy authenticator "apps" or a
mobile device.


## Install

On OpenBSD:

    pkg_add oath-toolkit zbar

* oath-toolkit is used to generate the digits based on the secret key.
* zbar is used to scan the QR code text.


## Steps

Save the QR code image from the authenticator app or website to an image file.
Scan the QR code text from the image:

    zbarimg image.png

An example QR code:

The output is typically something like:

    QR-Code:otpauth://totp/Example:someuser@codemadness.org?secret=SECRETKEY&issuer=Codemadness

You only need to scan this QR code for the secret key once.
Make sure to store the secret key in a private, safe place and don't show it to
anyone else.

Using the secret key, the following command outputs a 6-digit code by default.
In this example we also assume the key is base32-encoded.
There can be other parameters and options; these are documented in the Yubico
URI string format reference below.

Command:

    oathtool --totp -b SOMEKEY

* The --totp option uses the time-variant TOTP mode; by default it uses HMAC SHA1.
* The -b option uses base32 encoding of KEY instead of hex.

Tip: you can create a script that automatically puts the digits in the
clipboard, for example:

    oathtool --totp -b SOMEKEY | xclip


## References

* [zbarimg(1) man page](https://linux.die.net/man/1/zbarimg)
* [oathtool(1) man page](https://www.nongnu.org/oath-toolkit/man-oathtool.html)
* [RFC6238 - TOTP: Time-Based One-Time Password Algorithm](https://datatracker.ietf.org/doc/html/rfc6238)
* [Yubico.com - otpauth URI string format](https://docs.yubico.com/yesdk/users-manual/application-oath/uri-string-format.html)