NOTE. The code in this repository is a mess. I used it to help me explore and understand one-time passwords, all of which resulted in the Understanding one-time passwords blog post.
Exploring HOTP and TOTP in Ruby.
- Initiative for Open Authentication
- 1Password blog post about addition of TOTP
  - Explains why it's not 2FA.
- HOTP
  - HMAC based one-time password
  - RFC 4226 - HOTP
  - HOTP on Wikipedia
- TOTP
  - Time based one-time password
  - RFC 6238 - TOTP
  - TOTP on Wikipedia
- Apps
  - Authy
    - Only supports TOTP.
  - 1Password
    - Appears to only support TOTP.
  - Google Authenticator
    - Supports HOTP (counter) and TOTP (time).
- Authy
Using OATH Tool to generate the same token as Authy when using the same shared secret:
$ oathtool --base32 --totp <shared-secret>
I tested the above command with the shared secret from our GFR GitHub admin user and confirmed that the tokens were the same in both Authy and on the command line.
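
The same computation in Ruby, as an added example that is not code from this repository: it decodes a base32 shared secret and derives the HOTP (RFC 4226) and TOTP (RFC 6238) values, assuming the oathtool defaults of HMAC-SHA1, a 30-second step and 6 digits. The function names are hypothetical and the key is the published RFC test key, not a real secret.

```ruby
require 'openssl'

BASE32_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'.freeze

# Decode an RFC 4648 base32 string (the form authenticator apps display)
# into raw key bytes. Case, spaces and '=' padding are ignored.
def base32_decode(text)
  bits = text.upcase.delete(' =').each_char.map do |c|
    index = BASE32_ALPHABET.index(c)
    raise ArgumentError, "invalid base32 character: #{c.inspect}" if index.nil?
    index.to_s(2).rjust(5, '0')
  end.join
  # Drop trailing bits that do not fill a whole byte.
  [bits[0, bits.length - bits.length % 8]].pack('B*')
end

# RFC 4226: HMAC over the 8-byte big-endian counter, then dynamic truncation.
def hotp(key, counter, digits: 6, digest: 'SHA1')
  mac = OpenSSL::HMAC.digest(digest, key, [counter].pack('Q>'))
  offset = mac.bytes.last & 0x0f                 # low nibble of the last byte
  code = mac.byteslice(offset, 4).unpack1('N') & 0x7fffffff
  (code % 10**digits).to_s.rjust(digits, '0')    # keep leading zeros
end

# RFC 6238: HOTP where the counter is the number of elapsed time steps.
def totp(key, at: Time.now, step: 30, digits: 6, digest: 'SHA1')
  hotp(key, at.to_i / step, digits: digits, digest: digest)
end

# Constructed sample input: base32 of the RFC test key "12345678901234567890".
RFC_TEST_SECRET = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ'.freeze

if __FILE__ == $PROGRAM_NAME
  key = base32_decode(RFC_TEST_SECRET)
  puts "HOTP counter 0:      #{hotp(key, 0)}"
  puts "TOTP at T=59 (8 dg): #{totp(key, at: Time.at(59), digits: 8)}"
  puts "TOTP now:            #{totp(key)}"
end
```

With a real secret, read it from a file or a prompt rather than a literal, since anything typed as a command-line argument or stored in source can end up in shell history or version control.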