
Migrating from Authy to oathtool

Published 2021-04-03

Introducing oathtool

I've found that some websites required/requested me to set up two-factor authentication with a one-time password generated by a smartphone app such as Authy or Google Authenticator. Recently, I was looking into whether there was an easier or more straightforward way to generate one-time passwords, preferably from the Linux terminal. There is! It is called oathtool (in Slackware, this is the oath-toolkit package from slackbuilds.org). Here is a link to its website:

https://www.nongnu.org/oath-toolkit/

The way I usually use oathtool is as follows (in bash):

$ while true; do
> oathtool --totp -b -s <# of seconds> -d <# of digits> <secret key>
> sleep 1
> done

--totp   generate a one-time password based on time
-b       expect a base32 encoding of the secret key instead of hex
-s       how often the password changes in seconds
-d       number of digits in the one-time password

Getting secret keys out of Authy

I already had several sites linked to the Authy app on my smartphone though. Fortunately, there is a way to get the information I needed (# of seconds, # of digits, and the secret key) out of Authy. This required setting up Authy for the Linux desktop, which is only available as a snap as far as I could tell... I did not see a clean way of using snaps in Slackware (I prefer to use the Slackware package manager for everything), so I did the following in Manjaro, installed in a qemu virtual machine. This is pretty much a reiteration of the guide I found here:

https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d958c93

1. Install Twilio Authy for the desktop. The snap is available at:

https://snapcraft.io/authy

2. Link your Authy account to the desktop program.

3. Close Authy and restart it from the terminal with the following:

$ authy --remote-debugging-port=5858

4. In Chrome or Chromium, open

http://localhost:5858

5. Click the Twilio Authy link.

6. In the Chrome Developer Tools top nav bar, go to "Application", then "Frames" and expand "top".

7. Right-click "main.html" and choose "Open in containing folder".

8. Paste the contents of the file below (it's JavaScript I think) into the console.

pasteme.txt

9. Copy out your secret keys ("TOTP secret:...") and the URIs. Note that the URI has the # of digits ("...digits=...") and the # of seconds as well ("...period=..."), which are needed.
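
To show how the fields in an exported URI fit together, here is an added example (not part of the original post or the linked gist) that parses an otpauth://totp/ URI and computes the RFC 6238 code from its secret, digits and period. The function names and the sample URI are assumptions; the sample uses the published RFC 6238 test secret, not a real account.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse


def parse_otpauth(uri):
    """Return (label, secret, digits, period, algorithm) from an otpauth:// URI."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc.lower() != "totp":
        raise ValueError("not an otpauth://totp/ URI")
    query = parse_qs(parts.query)
    if "secret" not in query:
        raise ValueError("URI has no secret parameter")
    secret = query["secret"][0].replace(" ", "").upper()
    digits = int(query.get("digits", ["6"])[0])   # common default when absent
    period = int(query.get("period", ["30"])[0])  # common default when absent
    algorithm = query.get("algorithm", ["SHA1"])[0].lower()
    return unquote(parts.path.lstrip("/")), secret, digits, period, algorithm


def totp(secret_b32, digits=6, period=30, algorithm="sha1", now=None):
    """RFC 6238 code for the time step containing `now` (Unix seconds)."""
    padded = secret_b32 + "=" * (-len(secret_b32) % 8)  # restore base32 padding
    key = base64.b32decode(padded)
    counter = int(time.time() if now is None else now) // period
    mac = hmac.new(key, struct.pack(">Q", counter), getattr(hashlib, algorithm)).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def code_from_uri(uri, now=None):
    _, secret, digits, period, algorithm = parse_otpauth(uri)
    return totp(secret, digits, period, algorithm, now)


# Constructed sample: the published RFC 6238 test secret, not a real account.
SAMPLE_URI = ("otpauth://totp/Example:alice?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
              "&digits=8&period=30")

if __name__ == "__main__":
    print(code_from_uri(SAMPLE_URI, now=59))
```

The period and digits values parsed here are the same ones passed to oathtool with -s and -d. The code depends only on which period-long window the clock falls in, so every second inside one window yields the same password.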

Other things

Keep in mind that both Authy and oathtool depend on the local time of the machine being accurate, so make sure your time is synced with the internet with ntpd or something similar. In practice, I've found that the output of oathtool is offset by a few seconds from the output of Authy for some reason. But, I've not yet run into any problems logging into websites with the oathtool-generated passwords.

See this page for getting keys out of Google Authenticator (untested):

https://wiki.archlinux.org/index.php/Google_Authenticator#Code_generation

See this page for a way to keep your secret keys safe and how to use oathtool from the start (untested):

https://www.cyberciti.biz/faq/use-oathtool-linux-command-line-for-2-step-verification-2fa/

Good luck!
