TOTP support in password-store

Reed Loden reed at reedloden.com
Sat Dec 31 00:28:12 CET 2016


How is that 2FA if both factors are stored on the same media? Seems quite
insecure to me.

~reed

On Fri, Dec 30, 2016 at 3:16 PM Bertrand Jacquin <bertrand at jacquin.bzh>
wrote:

> Hi,
>
>
>
> Thanks to everyone involve in this really nice password tool you've
>
> made, this is something I'm using every day and really enjoy using it.
>
>
>
> Have you ever considered adding an option to handle TOTP, meaning that the
>
> seed could be stored in a gpg file and pass could provide an easy way to
> get
>
> current OTP by using oathtool. For example:
>
>
>
> $ oathtool -v --base32 --totp XXX
>
> Hex secret: YYY
>
> Base32 secret: XXX
>
> Digits: 6
>
> Window size: 0
>
> Step size (seconds): 30
>
> Start time: 1970-01-01 00:00:00 UTC (0)
>
> Current time: 2016-12-18 17:42:53 UTC (1482082973)
>
> Counter: 0x2F1D38D (49402765)
>
>
>
> 799465
>
>
>
> Thanks you be really handle for me to just run:
>
>
>
> $ pass show -c --totp Web/gandi.net
>
>
>
> And being able to paste when Gandi ask for it.
>
>
>
> Cheers
>
>
>
> --
>
> Bertrand
>
> _______________________________________________
>
> Password-Store mailing list
>
> Password-Store at lists.zx2c4.com
>
> https://lists.zx2c4.com/mailman/listinfo/password-store
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20161230/d6d0c87d/attachment.html>


More information about the Password-Store mailing list