| Multiexcerpt |
|---|
| hidden | true |
|---|
| MultiExcerptName | preamble |
|---|
|
For users not wishing to use a smartphone or to provide a backup device to enable login with TOTP the oathtool command line tool can be used on Linux or MacOS systems to provide a one-time password as an alternative to using an authenticator client on a smartphone [Read more ...] |
For users not wishing to use a smartphone or to provide a backup device to enable login with TOTP the oathtool command line tool can be used on Linux or MacOS systems to provide a one-time password as an alternative to using an authenticator client on a smartphone.
| Multiexcerpt include |
|---|
| MultiExcerptName | NOQR |
|---|
| PageWithExcerpt | TOTP: How to activate |
|---|
|
Use as:
| No Format |
|---|
oathtool -b --digits=6 --totp=sha1 "ABCDEFGHIJKLMNOPQRSTUVWXYZ012345" |
| Tip |
|---|
|
As with using a smartphone as the TOTP client, users should ensure access to the oathtool command line and, in particular, the 32-digit key, is protected. If a shell script is used to provide the command line then this should be readable only by the user (mode 700 or u+rx). It is also strongly recommended that a screenlock is used to prevent access to the display and tool when away from the monitor. Users should also consider password protecting the 32-digit key with, for example, PGP 2 or GnuPG. |