For users not wishing to use a smartphone or to provide a backup device to enable login with TOTP the oathtool
command line tool can be used on Linux or MacOS systems to provide a one-time password as an alternative to using an authenticator client on a smartphone.
The page UDOC:TOTP: How to activate was not found -- Please check/update the page name used in the MultiExcerpt-Include macro
Use as:
oathtool -b --digits=6 --totp=sha1 "ABCDEFGHIJKLMNOPQRSTUVWXYZ012345"
A note on security
As with using a smartphone as the TOTP client, husers should ensure access to the oathtool command line is protected. If a shell script is used to provide the command line then this should be readable only by the user (mode 700 or u+rx).
It is also strongly recommended that a screenlock is used to prevent access to the display and tool when away from the monitor. Users may also want to consider protecting the key with, for example, PGP 2
or GnuPG
.