Project:Infrastructure/Two-factor authentication

This page aims to supplement existing documentation on two-factor authentication software (e.g. GitHub's), which is usually incomplete and focused on using cell phones.

OTP algorithms
The following algorithms are frequently used to implement one-time passwords used as the second factor:
 * HOTP (HMAC-based): RFC 4226
 * TOTP (time-based): RFC 6238

Gentoo-related sites using OTP

 * GitHub: the Gentoo organization requires 2FA to be enabled. The following 2FA options are supported:
   * TOTP (‘mobile app’)
   * OTP sent via SMS messages
   * U2F [TODO: describe what that is]

Android applications

 * Recommended: FreeOTP (Red Hat)
 * Official Google app: Google Authenticator

Console TOTP via oathtool
(courtesy of Ulrich Müller)

provides command line tools to handle HOTP/TOTP.

Enable ‘mobile app’ authentication, display the key as a text string (there is a link near the QR code) and store it securely.

At any point, to get the current TOTP token: