What is TOTP?

Having 2 Factor Authentication on all your accounts is a good way to keep your data more secure. With 2FA logins, not only is a username and password needed, but also a one-time-use code. There are a few different ways to get that code, such as by email, phone or SMS. But my favorite way is to do it is via a 'Google Authenticator' time-based OTP (one time password), also known as a TOTP.

Using an app on your phone like Authy or Authenticator, you set up a secret code given to you by the service, then every 30 seconds, a new code is generated for you. What's extra nice is that the Google Authenticator protocol is supported by just about every service and phone/tablet.

So What's The Problem?

I could use my phone, but it's not always at my desk. It also may be charging or dead. Or maybe someone doesnt own a phone?

A Solution!

Luckily for us, the Google Authenticator protocol is really simple - You just need to be able to know the current time, and run a SHA1 hash.

Ladyada previously built a device which uses a Feather ESP8266 to display her TOTP codes.

This guide is a version of this device which uses the PyPortal. The PyPortal has WiFi so it can connect to NTP to get the current time at startup and a full-color touchscreen display. 

The code supports displaying up to 5 keys which you can select by tapping the buttons on the PyPortal's display.

Parts

Adafruit PyPortal - CircuitPython Powered Internet Display

PRODUCT ID: 4116
PyPortal, our easy-to-use IoT device that allows you to create all the things for the “Internet of Things” in minutes. Make custom touch screen interface...
$54.95
IN STOCK

Adafruit PyPortal Pynt - CircuitPython Powered Internet Display

PRODUCT ID: 4465
The PyPortal Pynt is the little sister to our popular PyPortal - zapped with a shrink ray to take the design...
$44.95
IN STOCK

Fully Reversible Pink/Purple USB A to micro B Cable - 1m long

PRODUCT ID: 4111
This cable is not only super-fashionable, with a woven pink and purple Blinka-like pattern, it's also fully reversible! That's right, you will save seconds a day by...
$3.95
IN STOCK

FAQ

Where did you get that awesome PyPortal Case?

The PyPortal case used in this guide is the PyPortal Retro Case designed by the Ruiz Brothers. Click here to learn more and visit the guide...

A Note on Security

THIS IS NOT A QUESTION MORE OF A COMMENT. YOU ARE PROGRAMMING THE TOTP SECRET INTO THE FLASH OF THE MICROCONTROLLER AND ITS NOT ENCRYPTED OR PROTECTED AT ALL ANYONE COULD BREAK INTO YOUR APARTMENT, GO TO YOUR BEDROOM, LOOK ON YOUR DESK, FIND THIS AND THEN CONNECT IT UP TO THEIR HACKER LAPTOP TO GRAB YOUR SECRET KEY THEN IF THEY HAD YOUR USERNAME AND PASSWORD THEY WOULD BE ABLE TO LOG IN AS YOU AND THIS IS REALLY INSECURE ITS SO IRRESPONSIBLE TO CONSIDER PUBLISHING A PROJECT LIKE THIS BY THE WAY DID YOU SEE THAT SNOWDEN APP? MAYBE YOU CAN RUN THAT ON A PHONE SO YOU CAN WATCH YOUR DESK REMOTELY AND MAKE SURE NOBODY BROKE IN TO STEAL YOUR PYPORTAL? OH WAIT YOU JUST SAID YOU DON'T HAVE A PHONE. OK I DONT KNOW WHAT MY QUESTION IS

This project is probably not for you

This guide was first published on Jan 14, 2020. It was last updated on Jan 14, 2020.
This page (Overview) was last updated on Sep 02, 2020.