Multiexcerpt |
---|
hidden | true |
---|
MultiExcerptName | preamble |
---|
|
For users not wishing to use a smartphone or to provide a backup device to enable login with TOTP the oathtool command line tool can be used on Linux or MacOS systems to provide a one-time password as an alternative to using an authenticator client on a smartphone [Read more ...] |
For users not wishing to use a smartphone or to provide a backup device to enable login with TOTP the oathtool
command line tool can be used on Linux or MacOS systems to provide a one-time password as an alternative to using an authenticator client on a smartphone.
Multiexcerpt include |
---|
MultiExcerptName | NOQR |
---|
PageWithExcerpt | TOTP: How to activate |
---|
|
Use as:
No Format |
---|
oathtool -b --digits=6 --totp=sha1 "ABCDEFGHIJKLMNOPQRSTUVWXYZ012345" |
Tip |
---|
|
As with using a smartphone as the TOTP client, users should ensure access to the oathtool command line and, in particular, the 32-digit key, is protected. If a shell script is used to provide the command line then this should be readable only by the user (mode 700 or u+rx). It is also strongly recommended that a screenlock is used to prevent access to the display and tool when away from the monitor. Users should also consider password protecting the 32-digit key with, for example, PGP 2 or GnuPG . |