gauth: replace Google Authenticator
With a Go environment already set up, it should be as easy as
go get github.com/pcarrier/gauth.
GOPATH=$HOME/go, it will create a binary
In web interfaces, pretend you can't read QR codes, get a secret like hret 3ij7 kaj4 2jzg instead.
Store one secret per line in ~/.config/gauth.csv, in the format name:secret. For example:

    AWS: ABCDEFGHIJKLMNOPQRSTUVWXYZ234567ABCDEFGHIJKLMNOPQRSTUVWXYZ234567
    Airbnb:abcd efgh ijkl mnop
    Google:a2b3c4d5e6f7g8h9
    Github:234567qrstuvwxyz

Restrict access to your user:

    $ chmod 600 ~/.config/gauth.csv

Run gauth. The progress bar indicates how far the next change is.

    $ gauth
               prev   curr   next
    AWS        315306 135387 483601
    Airbnb     563728 339206 904549
    Google     453564 477615 356846
    Github     911264 548790 784099
    [=======                      ]

gauth is convenient to use in watch:

    $ watch -n1 gauth

Remember to keep your system clock synchronized and to lock your computer when brewing your tea!
gauth supports password-based encryption of
gauth.csv. To encrypt, use:

    $ openssl enc -aes-128-cbc -md sha256 -in gauth.csv -out ~/.config/gauth.csv
    enter aes-128-cbc encryption password:
    Verifying - enter aes-128-cbc encryption password:

gauth will then prompt you for that password on every run:

    $ gauth
    Encryption password:
             prev   curr   next
    LastPass 915200 479333 408710

Note that this encryption mechanism is far from ideal from a pure security standpoint. Please read OpenSSL's notes on the subject.
- Okta (reported by Bryan Baldwin)
Please report further results to firstname.lastname@example.org.
If your Android phone is rooted, it's easy to "back up" your secrets from an
adb shell into

    # sqlite3 /data/data/com.google.android.apps.authenticator2/databases/database \
        'select email,secret from accounts'

Really, does this make sense?
At least to me, it does. My laptop features encrypted storage, a stronger authentication mechanism, and I take good care of its physical integrity.
My phone also runs arbitrary apps, is constantly connected to the Internet, gets forgotten on tables.
Thanks to the convenience of a command line utility, my usage of 2-factor authentication went from 3 to 10 services over a few days.
Clearly a win for security.