What is TOTP?

Having 2 Factor Authentication (2FA) on all your accounts is a good way to keep your data more secure. With 2FA logins, not only is a username and password needed, but also a one-time-use code. There are a few different ways to get that code, such as by email, phone or SMS. But my favorite way is to do it is via a 'Google Authenticator' Time-based One Time Password, also known as a TOTP.

Using an app on your phone like Authy or Authenticator, you set up a secret code given to you by the service, then every 30 seconds, a new code is generated for you. What's extra nice is that the Google Authenticator protocol is supported by just about every service and phone/tablet.

Perfect for when you don't have your phone handy, or don't want to noodle with Authy all day. Plus it types it in for you!

Why Use a MacroPad?

So a simple smartphone app could take care of all your TOTP needs. Why use a MacroPad? Maybe you don't have a smartphone, or don't have yours always handy near your PC. Also, by emulating a HID keyboard, the MacroPad can type in the code for you. So by having a MacroPad tethered to your PC via a USB cable, you'll have a TOTP device always at the ready.

There are also a few other guides that provide similar capabilities using different hardware platforms. Be sure to check them out as well:

Parts

The main item needed is an Adafruit MacroPad and associated parts. You can get all of these via a kit:

Strap yourself in, we're launching in T-minus 10 seconds...Destination? A new Class M planet called MACROPAD! M here stands for Microcontroller because this 3x4 keyboard...
Out of Stock

Or a la carte if you already have some of the items or what to customize things, like use different keebs.

Strap yourself in, we're launching in T-minus 10 seconds...Destination? A new Class M planet called MACROPAD! M here, stands for Microcontroller because this 3x4 keyboard...
Out of Stock
Dress up your Adafruit Macropad with PaintYourDragon's fabulous decorative silkscreen enclosure and hardware kit. You get the two custom PCBs that are cut to act as a protective...
$4.95
In Stock

And, if you go a la carte, don't forget keyswitches and keycaps.

A real-time clock (RTC) breakout is also needed to keep track of current time. Here are some options:

This is a great battery-backed real time clock (RTC) that allows your microcontroller project to keep track of time even if it is reprogrammed, or if the power is lost. Perfect for...
$4.95
In Stock
The datasheet for the DS3231 explains that this part is an "Extremely Accurate I²C-Integrated RTC/TCXO/Crystal". And, hey, it does exactly what it says...
$13.95
In Stock
This is a great battery-backed real time clock (RTC) that allows your microcontroller project to keep track of time even if it is reprogrammed, or if the power is lost. Perfect for...
$7.50
In Stock

These RTC breakouts all use the same CR1220 coin cell battery:

These are the highest quality & capacity batteries, the same as shipped with the iCufflinks, iNecklace, Datalogging and GPS Shields, GPS HAT, etc. One battery per order...
Out of Stock

These RTC breakouts all use I2C. To connect the RTC to the MacroPad, a STEMMA QT cable can be used. For an RTC breakout, can solder the header pins that come with it and then connect to those with one of these:

This 4-wire cable is a little over 150mm / 6" long and fitted with JST-SH female 4-pin connectors on one end and premium female headers on the other. Compared with the chunkier...
$0.95
In Stock

FAQ

THIS IS NOT A QUESTION MORE OF A COMMENT. YOU ARE PROGRAMMING THE TOTP SECRET INTO THE FLASH OF THE MICROCONTROLLER AND ITS NOT ENCRYPTED OR PROTECTED AT ALL ANYONE COULD BREAK INTO YOUR APARTMENT, GO TO YOUR BEDROOM, LOOK ON YOUR DESK, FIND THIS AND THEN CONNECT IT UP TO THEIR HACKER LAPTOP TO GRAB YOUR SECRET KEY THEN IF THEY HAD YOUR USERNAME AND PASSWORD THEY WOULD BE ABLE TO LOG IN AS YOU AND THIS IS REALLY INSECURE ITS SO IRRESPONSIBLE TO CONSIDER PUBLISHING A PROJECT LIKE THIS BY THE WAY DID YOU SEE THAT SNOWDEN APP? MAYBE YOU CAN RUN THAT ON A PHONE SO YOU CAN WATCH YOUR DESK REMOTELY AND MAKE SURE NOBODY BROKE IN TO STEAL YOUR MACROPAD? OH WAIT YOU JUST SAID YOU DON'T HAVE A PHONE. OK I DONT KNOW WHAT MY QUESTION IS

this project is probably not for you

This guide was first published on Jul 19, 2021. It was last updated on Jul 19, 2021.

This page (Overview) was last updated on Sep 24, 2021.

Text editor powered by tinymce.