What is TOTP?
Having 2 Factor Authentication on all your accounts is a good way to keep your data more secure. With 2FA logins, not only are a username and password needed, but also a one-time-use code. There are a few different ways to get that code, such as by email, phone or SMS. But my favorite way to do it is via a 'Google Authenticator' time-based OTP (one-time password), also known as a TOTP.
Using an app on your phone like Authy or Authenticator, you set up a secret code given to you by the service, then every 30 seconds, a new code is generated for you. What's extra nice is that the Google Authenticator protocol is supported by just about every service and phone/tablet.
So What's The Problem?
I could use my phone, but it's not always at my desk. It also may be charging or dead. Or maybe someone doesn't own a phone?
A Solution!
Luckily for us, the Google Authenticator protocol is really simple: you just need to know the current time and run a SHA1 hash.
Ladyada previously built a device which uses a Feather ESP8266 to display her TOTP codes.
This guide is a version of this device which uses the PyPortal. The PyPortal has WiFi so it can connect to NTP to get the current time at startup and a full-color touchscreen display.
The code supports displaying up to 5 keys which you can select by tapping the buttons on the PyPortal's display.
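To make the "current time plus SHA1" description concrete, here is an added example (not the guide's CircuitPython code) of the TOTP calculation from RFC 6238 in desktop Python, together with the server-side check that explains why the device needs an accurate clock from NTP. The names totp, verify and SAMPLE_SECRET_B32 are chosen for this example, and the secret is the published RFC test key, not a real one.

```python
import base64
import hashlib
import hmac
import struct
import time

# Published RFC 6238 test key (ASCII "12345678901234567890"), base32-encoded
# the way services hand out secrets. Sample value only, never a real secret.
SAMPLE_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, step=30, digits=6):
    """Return the TOTP code for unix_time as a zero-padded string."""
    # Authenticator secrets are base32; tolerate spaces, lowercase, missing padding.
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    key = base64.b32decode(cleaned)
    # The moving factor is the number of whole time steps since the epoch.
    counter = struct.pack(">Q", int(unix_time) // step)
    # The "SHA1 hash" is a keyed one: HMAC-SHA1 over the 8-byte counter.
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    # Dynamic truncation: low nibble of the last byte picks a 4-byte window.
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, candidate, unix_time, step=30, drift_steps=1):
    """Server-side check that tolerates drift_steps of clock skew each way."""
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(secret_b32, unix_time + delta * step, step)
        # Constant-time comparison, and no early exit from the loop.
        ok |= hmac.compare_digest(expected, candidate)
    return ok


if __name__ == "__main__":
    now = time.time()
    print("current code:", totp(SAMPLE_SECRET_B32, now))
    print("valid for another", 30 - int(now) % 30, "seconds")
```

A device whose clock is off by more than the verifier's drift window produces codes that are well-formed but rejected, which is why the time is fetched at startup.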



The PyPortal case used in this guide is the PyPortal Retro Case designed by the Ruiz Brothers.
THIS IS NOT A QUESTION MORE OF A COMMENT. YOU ARE PROGRAMMING THE TOTP SECRET INTO THE FLASH OF THE MICROCONTROLLER AND ITS NOT ENCRYPTED OR PROTECTED AT ALL ANYONE COULD BREAK INTO YOUR APARTMENT, GO TO YOUR BEDROOM, LOOK ON YOUR DESK, FIND THIS AND THEN CONNECT IT UP TO THEIR HACKER LAPTOP TO GRAB YOUR SECRET KEY THEN IF THEY HAD YOUR USERNAME AND PASSWORD THEY WOULD BE ABLE TO LOG IN AS YOU AND THIS IS REALLY INSECURE ITS SO IRRESPONSIBLE TO CONSIDER PUBLISHING A PROJECT LIKE THIS BY THE WAY DID YOU SEE THAT SNOWDEN APP? MAYBE YOU CAN RUN THAT ON A PHONE SO YOU CAN WATCH YOUR DESK REMOTELY AND MAKE SURE NOBODY BROKE IN TO STEAL YOUR PYPORTAL? OH WAIT YOU JUST SAID YOU DON'T HAVE A PHONE. OK I DONT KNOW WHAT MY QUESTION IS
This project is probably not for you
Page last edited March 08, 2024