https://shkspr.mobi/blog/2023/07/an-eink-wrist-mounted-totp-generator/

Terence Eden's Blog

An eInk, Wrist-Mounted, TOTP Generator

* By @edent on 2023-07-08
* 2fa arduino eink security watchy

---------------------------------------------------------------------

Behold! Thanks to the power of the Watchy development platform, I now have all my 2FA codes available at the flick of my wrist!

[Image: A chunky wristwatch showing the time and a selection of 6 digit codes and their corresponding entities.]

HOWTO

This uses Luca Dentella's TOTP-Arduino library.

You will need a pre-shared secret which is then converted into a Hex array. Use the OTP Tool for Arduino TOTP Library to get the Hex array, Base32 Encoded Key, and a QR Code to scan into your normal TOTP generator.

Add the Hex array into the code below.

To check that it is functioning correctly, either scan the QR code from the OTP Tool above, or use the Base32 Encoded Key with an online TOTP generator.

Here's how the code interfaces with the Watchy:

    #include <Watchy.h> //include the Watchy library
    #include "settings.h"
    #include "sha1.h"
    #include "TOTP.h"

    class MyFirstWatchFace : public Watchy{ //inherit and extend Watchy class
      public:
        MyFirstWatchFace(const watchySettings& s) : Watchy(s) {}
        void drawWatchFace(){
          ...
          RTC.read(currentTime);
          time_t epoch = makeTime(currentTime) - 3600; // BST offset

          // The shared secret - convert at https://www.lucadentella.it/OTP/
          // Paste your Hex array between the braces,
          // e.g. {0x4d, 0x79, 0x4c, 0x65, 0x67, 0x6f, 0x44, 0x6f, 0x6f, 0x72};
          uint8_t hmacKey[] = {};
          int hmacKeyLength = sizeof(hmacKey) / sizeof(hmacKey[0]);
          TOTP totp = TOTP(hmacKey, hmacKeyLength);
          char* epochCode = totp.getCode( epoch );
          display.print( "TOTP Code Twitter: ");
          display.println( epochCode );
          ...

You can grab the full code from GitLab.

I'm not very good at C++ - so please let me know what terrible mistakes I've made.

Is this a good idea?

Well...
Yes and no.

TOTP is a strong-ish form of Multi-Factor Authentication. It helps prevent attacks where someone already knows your username and password.

Having a convenient way to get your TOTP codes may make you more likely to use them. It also prevents you from getting locked out of your accounts if your phone dies or is stolen.

Convenient security is good security.

But...

Having them on your wrist for everyone to see? I've deliberately made the font as small as I can so it is only readable up close. However, if someone is shoulder-surfing your details, they may well see your wrist.

The watch isn't encrypted - so even if you hid the codes behind a button press, anyone who steals your watch will have your codes. If they steal your phone, they need to get through your PIN / biometrics.

Who are your adversaries? If you are trying to evade state-level actors, thieves specifically targeting you for your crypto-holdings, or an untrustworthy spouse - this probably isn't a great idea. If you don't use 2FA because you don't keep your phone with you - this will probably increase your security posture.

Ultimately, all security measures are a trade-off between convenience and control.

---------------------------------------------------------------------

4 thoughts on "An eInk, Wrist-Mounted, TOTP Generator"

1. 2023-07-08 11:42 Matv1 says: @Edent 'goodness me, elevenses' Lol, forget about 2fa codes, isn't that what makes a programmer's life worth living

2. 2023-07-08 12:27 Damian Mehers says: @Edent the last time I wrote serious C code was when I created the Evernote Pebble client ... happy to see the tradition of using C for constrained watch environments continues.

3. 2023-07-08 16:48 Jenny Andrew says: @Edent swatch time

4. 2023-07-09 01:03 Daniel says: .Beat time should indeed have been the headline here. Decimal time for the win!
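An offline version of the check described in the HOWTO, as an added example (not code from the original post or from the TOTP-Arduino library): it parses the Hex array as pasted into the sketch, derives the Base32 key, and computes the code on your own machine, so the secret never has to be typed into a website. It assumes the RFC 6238 defaults (HMAC-SHA1, 30 second step, 6 digits); the function names are this example's own.

```python
import base64, hashlib, hmac, re, struct, time

STEP, DIGITS = 30, 6  # assumed RFC 6238 defaults: 30 s step, 6 digits, HMAC-SHA1

def parse_c_hex_array(text):
    """Turn a C initializer like '{0x4d, 0x79}' into the raw key bytes."""
    return bytes(int(tok, 16) for tok in re.findall(r"0x([0-9a-fA-F]{1,2})", text))

def base32_key(key):
    """Base32 form of the same key, as phone authenticator apps expect it."""
    return base64.b32encode(key).decode("ascii").rstrip("=")

def totp(key, epoch):
    """RFC 6238 code for a UTC Unix timestamp."""
    counter = struct.pack(">Q", epoch // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def match_offset(key, shown_code, utc_epoch, window=1):
    """Step offset (0, -1, +1, ...) at which shown_code is valid, else None."""
    for off in sorted(range(-window, window + 1), key=abs):
        if hmac.compare_digest(totp(key, utc_epoch + off * STEP), shown_code):
            return off
    return None

if __name__ == "__main__":
    # The sample array from the sketch's comment, not a real secret.
    key = parse_c_hex_array(
        "{0x4d, 0x79, 0x4c, 0x65, 0x67, 0x6f, 0x44, 0x6f, 0x6f, 0x72}")
    now = int(time.time())
    print("Base32 key:", base32_key(key))
    print("Code now  :", totp(key, now))
    # A clock that is one hour out is 3600 // 30 = 120 steps away, far
    # outside a +/-1 step window, so the hard-coded offset must match
    # what the RTC actually holds.
    late = totp(key, now - 3600)
    print("One hour off accepted:", match_offset(key, late, now) is not None)
```

Compare the printed code with what the watch shows in the same 30 second window; a mismatch with a correct key usually points at the epoch passed to getCode rather than at the secret.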
* (c) Terence Eden
* ISSN 2753-1570