top | item 37136037

(no title)

Lanedo | 2 years ago

Speaking of solutions, when you want to avoid using a phone, there is oathtool. For example for a GitHub 2FA Link like this:

  otpauth://totp/GitHub:username?secret=BLAHBLUBBLAH&issuer=GitHub

You extract the secret and use it like this:

  oathtool --totp=sha1 --base32 BLAHBLUBBLAH
  268685

discuss

gettodachoppa|2 years ago

Not on my dev PC now (and dont want to access GH on this one).

How do you get that 'otpauth://totp/GitHub:username?secret=BLAHBLUBBLAH&issuer=GitHub' path? Is it something you have to grab from the browser console?

mistrial9|2 years ago

what is that otpauth:// part about?

    $oathtool --totp - -b
    <enter 16digit code>
    6digit result for MSFT-Github

that works daily CLI; oathtool is packaged as part of OpenStack on GNU-Debian-Ubuntu

SaberTail|2 years ago

otpauth:// is a de-facto standard, since Google Authenticator uses it: https://github.com/google/google-authenticator/wiki/Key-Uri-...

The TOTP QR codes decode to one of these URIs