Google 2-step Authentication Support

[medicalwei]

I am now using this app as a OTP for Google account.

It is actually an HOTP time-based token showing 6-digit numbers, and its key is BASE32'd.

If it is implemented, those who use Google account with N900 will be happy :)

[jwhitbeck]

Hi Yao,

Thanks for your feedback. I wasn't aware that google supported OTPs.
Hopefully that will help to make them more mainstream.

In the meantime, have you tried converting the base32 google account key
to a hex key? Unlike MOTP, the HOTP algorithm uses the binary
representation of the key, so it doesn't really matter in what base you
type it in as long as the otp generating program knows how to convert it
to binary.

Let me know how it works.
Cheers,
John

On 11/18/2011 04:38 AM, Yao Wei wrote:

I am now using this app as a OTP for Google account.

It is actually an HOTP time-based token, and its key is BASE32'd.

If it is implemented, those who use Google account with N900 will be happy :)

---

Reply to this email directly or view it on GitHub:
#1

[medicalwei]

I can reproduce my use of Google 2-step Authentication using otpn900 below:

1. Start registering OTP setup on Google.
   Clicking “Can't scan the barcode?” shows the base32 code:

2. Convert the base32 into hexadecimal.

3. Kick up OTP on N900, and set up Google OTP as:

• Algorithm — HOTP
• Counter type — time-based
• Key — The hexadecimal code.

4. Set up the Google OTP token in the OTP generator screen:

• Uncheck “Display Hexadecimal”
• Digits — 6
• Interval — 30 seconds

5. Generate the code, type the code into verification area, and ta-da! The verification passes.

[jwhitbeck]

Great news! thanks for the screenshots.

If you don't mind, I'll update the README for google users (minus the
screenshots of your secret key of course) based on your 5 steps.

When I have a little more time, I'll update the code to allow using
base32 keys directly.

Cheers,
John

On 11/18/2011 11:00 AM, Yao Wei wrote:

I can reproduce my use of Google 2-step Authentication using otpn900 below:

1. Start registering OTP setup on Google.
   Clicking “Can't scan the barcode?” shows the base32 code:

2. Convert the base32 into hexadecimal.

3. Kick up OTP on N900, and set up Google OTP as:

• Algorithm — HOTP
• Counter type — time-based
• Key — The hexadecimal code.

4. Set up the Google OTP token in the OTP generator screen:

• Uncheck “Display Hexadecimal”
• Digits — 6
• Interval — 30 seconds

5. Generate the code, type the code into verification area, and ta-da! The verification passes.

---

Reply to this email directly or view it on GitHub:
#1 (comment)

[medicalwei]

Don't worry, this secret key won't work on my account. I replaced with another one already. :)

[ashneo76]

What program did you use to convert from base32 to hex?

[medicalwei]

Terribly, I was trying to get a JavaScript web program to do so. I
forgot which one I use.

[ashneo76]

Thanks. Your image helped. Found it at: http://www.darkfader.net/toolbox/convert/

[sicelo]

on debian, installing the basez package allows you to do something like echo "YOUR_CODE_HERE" | base32plain -d | hex -c

[baptx]

@sicelo thanks, echo "YOUR_CODE_HERE" | base32plain -d | hex -c worked for me! It is safer to use offline tools than pasting a private key on a third-party website.
It looks like the screenshots of @medicalwei are not working anymore (404 Not Found error).
Note: I had to add 6 times the = character at the end of the code to avoid the error "base32plain: invalid input".