Hacker Public Radio

Your ideas, projects, opinions - podcasted.

New episodes Monday through Friday.

HPR4503: One time passwords using oathtool

Hosted by Whiskeyjack on 2025-11-05 00:00:00
Download or Listen

HPR Comments

Whiskeyjack says: One time passwords using oathtool

RE: hpr4503::2025-11-05 One time passwords using oathtool by Whiskeyjack
00:13:09 Listen in ogg, opus, or mp3 format.
@candycanearter07 - Using oathtool OTP is no different from using a special smartphone OTP app. Both follow the Oath standard.

The reason that I started using oathtool was because Github and Pypi made OTPs mandatory. After putting it off as long as possible I was determined to find a solution that didn't involve giving either of them a phone number to send an SMS to or to install their OTP app. I thought there must be a way to do this with a free software application on my PC, and there was. It just took a bit of digging to figure it out.

Any website that uses an Oath standard OTP will have some sort of key that they need to give to you, typically by going to a web page where you generate one after logging in. It's not any more difficult than say changing your password and you only have to do this once for each site.

The main issue is as said, Github and Pypi at least did not document their Oath options, or at least they didn't when I started using it a while ago.

Anyone who wants to use oathtool for Github or Pypi though now knows what options are needed after having listened to this podcast episode.

interesting, but... says: candycanearter07

RE: hpr4503::2025-11-05 One time passwords using oathtool by Whiskeyjack
00:13:09 Listen in ogg, opus, or mp3 format.
I think it's really cool that you can generate OTP's locally, and I'm a bit annoyed that companies don't let you do this in the first place, but I think it would be a bit impractical for me to actually use daily, since you'd need to figure out the secret code for each website individually, as well as which sha version they're using.

Also, theres a pretty easy way to automatically copy the code to the clipboard, its something I use a lot in my own scripts:

printf $CODE | xclip -selection c

(using printf to remove the leading newline)

Mastodon Comments

More Information...

Copyright Information

Unless otherwise stated, our shows are released under a Creative Commons Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) license.

The HPR Website Design is released to the Public Domain.