Google Authenticator is great, but I don't really want to be tied to my mobile phone for logging into Google Services. Yubikey is the ideal form factor for a two-factor authentication device, so why not integrate the two?
Well now, you can!
This code is primarily a proof of concept at the current time and although functional, requires some manual interaction to get started.
Available under the ISC License.
- Python >=2.6 or 3.x
- ykchalresp (found in the yubikey-personalization package)
- Cross-platform GUI Personalization tool
- Set up Google Authenticator on your Google settings like you would for a mobile phone.
- Below the QR code, press the expand button so you can see your base32-encoded secret key.
yubi_goog.py --convert-secretthis will prompt you for your base32-encoded secret and output a result in hex.
- Program that secret into your Yubikey as a HMAC-SHA1 challenge-response key. I had to use the GUI tool available from Yubico
- Whenever you are prompted for a one-time password from google, just run
yubi_goog.py --yubiand the output will be a one-time password usable for up to one minute 30 seconds.