Fork me on GitHub

otp: one-time passwords in go

GoDoc Star

otp, the library

The `otp` library implements HMAC-based one-time passwords. By extension, this includes time-based passwords. See GoDoc for full documentation, but here are some highlights:

$ go get

2fa, the terminal authenticator

There is nothing magical or secure about using your phone to implement 2-factor authentication. Sure, mobile phones provide us with some awesome conveniences (scanning QR codes is nice), but the primary security advantage of 2-factor authentication results from the fact that dictionary attacks against such systems are futile.

Install and Initialize

Use the Go tool to install 2fa. Run `init` to create a dot-file config in your home directory.

$ go get
$ 2fa init
$ cat ~/.2fa.toml 
# 2fa configuration
# Example:
# [key.label]
# issuer = "The Issuer"
# secret = "Base32 encoded secret key"

Add a Key

Tip: Keep the label short and lean on the `issuer` entry for a longer description if you have multiple keys to manage with the same service. Here is an example:

issuer = "GitHub"

List Keys

2fa was modeled after the Go tool's clean interface. To list keys in your config, run the `list` command:

$ 2fa list
Label   Issuer
gh      GitHub

Get a Code

Codes are built to Google Authenticator defaults: 30 second period, SHA1 hashing, 6 digits long.

$ 2fa calc gh
814498 (16 seconds)

Get QR Codes

Want to print your codes as convenient QR code images or transfer them to Google Authenticator? Start up the QR code server.

$ 2fa qrcodes
serving QR codes at http://localhost:3000