Below you’ll find an illustrated guide for freeing the authentication mechanism used by the Google Authenticator app for Android or iPhone for use on your favorite device (anywhere an implementation is available).

In fact the Authenticator is using a standards based 2FA (two factor authentication) scheme defined by OATH (Initiative for Open Authentication) and published in RFC6238 dubbed TOTP – Time-Based One-Time Password Algorithm (more Authenticator background and its basis HOTP).

This is a rather fine contraption, but Google doesn’t advertise it very loudly as being a standard, instead locking the generated TOTP secret into a QR code which they only imply is for use by their own Google Authenticator. That is not true, as a host of alternative Android OTP apps are compatible and can read the QR codes as they are based upon the Authenticator’s legacy as an open source application which Google took private.

Log in to your Google Account (maybe using the authenticator?) and go to Account -> Security -> Signin -> 2-step verification.

Locate the “Authenticator app” section and click “CHANGE PHONE” (really “CHANGE TOTP SECRET”). (In my country’s locale, Danish, this is BTW mistranslated as “SKIFT TELEFONNUMMER” = change phone number.)

You’ll now get a choice between either iPhone or Android. This will only affect the link to the app store shown on the next screen, which also contains the QR code, the one we are really after.

Right click the QR code image, select to save it and put it somewhere you can find it (~/Google_TOTP_QR.png might be sensible).

Install the QR-code decoder zbar for extracting the TOTP secret from the image and the OATH toolkit oathtool for generating future TOTP passwords using it. On Debian/Ubuntu this can be done by installing the packages zbar-tools and oathtool.

Now extract the otpauth URI (seems to be a Google thing) by passing the image file to zbarimg:

QR-Code:otpauth://totp/Google%3Auser%?secret=pca7uyfht7f6mfs7oiec4aeavxaevish&issuer=Google
Scanned 1 barcode symbols from 1 images in 0.02 seconds

The URI contains all parameters to input into the TOTP algorithm for generating a password usable for 2FA authentication, notably the secret key in base32 format. Defaults are not mentioned in the URI and are not necessary to specify explicitly for oathtool. So for the above URI specifying only a secret, a password can be generated as such:

$ oathtool --totp --base32 pca7uyfht7f6mfs7oiec4aeavxaevish

“491293” being the password, having a default validity of 30 seconds (called step size because of the counter based nature of the HOTP behind it).
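What a tool does with such an otpauth URI, as an added example that is not part of the original post or of oathtool: it parses the URI, fills in the defaults the URI leaves out, and runs the RFC 6238 computation. The names parse_otpauth, totp and SAMPLE_URI are this example's own, the sample URI is constructed from the RFC 6238 test key, and the SHA1 / 6 digit / 30 second defaults are the usual ones for this URI format.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import urlparse, parse_qs

# Constructed sample: the RFC 6238 test key "12345678901234567890" in base32.
SAMPLE_URI = ("otpauth://totp/Example%3Aalice"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")

# Values assumed when the URI does not carry the parameter.
DEFAULTS = {"algorithm": "SHA1", "digits": "6", "period": "30"}

def parse_otpauth(uri):
    """Return (key_bytes, hash_name, digits, period) from an otpauth://totp URI."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not an otpauth://totp URI")
    query = {k: v[0] for k, v in parse_qs(u.query).items()}
    if "secret" not in query:
        raise ValueError("URI carries no secret")
    p = {**DEFAULTS, **query}
    if p["algorithm"].upper() not in ("SHA1", "SHA256", "SHA512"):
        raise ValueError("unsupported algorithm")
    b32 = p["secret"].replace(" ", "").upper()
    b32 += "=" * (-len(b32) % 8)  # URIs usually omit base32 padding
    return (base64.b32decode(b32), p["algorithm"].lower(),
            int(p["digits"]), int(p["period"]))

def totp(uri, now=None):
    """Compute the one-time password for the URI at Unix time `now`."""
    key, algo, digits, period = parse_otpauth(uri)
    # The time step is the HOTP counter: seconds since the epoch // period.
    counter = int(time.time() if now is None else now) // period
    mac = hmac.new(key, struct.pack(">Q", counter), getattr(hashlib, algo)).digest()
    # Dynamic truncation (RFC 4226): low nibble of the last byte picks the offset.
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

if __name__ == "__main__":
    print(totp(SAMPLE_URI))
```

Anyone holding the URI or the saved QR image can generate valid codes, so store both the way you would store a password.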