Many 2FA apps require their users to leak their email or their phone number in order to use them, although the whole idea of having a TOTP app is to replace an insecure and non-private authentication such as that via email or phone. Since TOTP authentication does not rely on connecting to a server in order to generate OTP codes, there is no excuse for demanding from the users of the app their email and / or their phone number.
The reason behind demanding such identifiers from the users is not only the business of spam but the collusion of the state with corporations, aka state capitalism. They are in the business of oppressing you, my dear reader.
The following code is a provisional solution to the issue:
```python
#!/usr/bin/env python3
import sys
from subprocess import DEVNULL, Popen, run
from time import sleep

# Install pyotp on first run if it is missing.
try:
    from pyotp import TOTP
except ImportError:
    # check=True stops here if the install fails instead of retrying forever.
    run([sys.executable, "-m", "pip", "install", "pyotp"], check=True)
    from pyotp import TOTP

editor = "geany"
# Service name -> base32 TOTP secret. The value below is a placeholder and is
# not valid base32 (0 and 8 are outside A-Z, 2-7); replace it with your own.
dctr_of_ks = {
    "tradeogre": "8XM7TRQLZNUK0K5QJZGOPAMYVN"}


def main():
    choose()


def choose():
    while True:
        ch = input("""What is it that you want to do? Specify with a number.
1. Display a TOTP code for a service of your choice.
2. Edit this program, for example to add a service requiring TOTP or to change a text editor.\n""")
        if ch == '1':
            key = display_menu(dctr_of_ks)
            if key is not None:  # None means the user pressed Q
                display_current_code(key)
            break
        elif ch == '2':
            # Open this file in the editor, detached, without going through a shell.
            Popen([editor, __file__], stdin=DEVNULL, stdout=DEVNULL,
                  stderr=DEVNULL, start_new_session=True)
            break


def display_menu(dctr_of_ks):
    """Return the secret of the chosen service, or None if the user quits."""
    while True:
        print("Select a service:")
        for index, key in enumerate(dctr_of_ks.keys(), start=1):
            print(f"{index}. {key}")
        choice = input("Select the service with a number of your choice (or press Q to quit): ")
        if choice.lower() == 'q':
            print("Exiting...")
            return None
        try:
            index = int(choice)
            if 1 <= index <= len(dctr_of_ks):
                selected_key = list(dctr_of_ks.keys())[index - 1]
                print(f"You selected '{selected_key}'.")
                return dctr_of_ks[selected_key]
            else:
                print("Invalid choice. Please enter a valid number.")
        except ValueError:
            print("Invalid input. Please enter a number or Q to quit.")


def select_name_of_service():
    # Unfinished and not called anywhere; it only lists the service names.
    for k in dctr_of_ks:
        print(k)


def display_current_code(key):
    totp = TOTP(key)
    # Print the current code every 5 seconds until interrupted with Ctrl+C.
    while True:
        print(totp.now())
        sleep(5)


if __name__ == "__main__":
    main()
```
Provisional it is, but it is at least private and transparent. And it can be improved upon. The code can be tweaked to provide more functionalities, such as support for QR codes, or enhanced security, such as reading the keys from an encrypted file with pass instead of hardcoding them in the source file. I might publish such tweaks in my later posts.
Consider creating an alias in .bashrc to conveniently access the app.
from pyotp import TOTP
open source? Before looking through the code, I was thinking this script directly implemented the algorithm, but it looks like the code is more of a CLI wrapper around the above package, providing a management layer to create different TOTP seeds, etc. `pyotp.random_base32()`.
`import` in Python: https://docs.python.org/3/reference/import.html I almost always use it with `from` in order to avoid importing too much, in the case of this app to avoid importing HOTP for example. `from` allows for using less repetitive and less error-prone syntax.