2FA Device from Scrap
Let me tell you about a gadget that I'm especially proud of. It's not elegant or inventive in any way, but I really like it, because it was built from scrap parts, is extremely simple, and does its job well.
The requirement was to create a 2FA device that multiple people could use. One possible solution would be to use an old smartphone, but you know about the security of old smartphones, right?
- Raspberry Pi (the first one), some case and SD card
- Old credit card, because it holds screws well, and is easy to shape using a stationery knife
- NumPad keyboard, because it has the ↓ arrows necessary to scroll through Bash history and an Enter key. (Sometimes you need to connect a full keyboard to do maintenance.)
- RTC module to keep time while Raspberry is off
- Some random 1.8 20x8 display. Can't remember where it came from, but it was less than 5 bucks on eBay
- Lots of duct tape
2FA keys are really simple. This article explains the approach. Basically, the device runs a minimal Linux with oathtool installed. A Bash shell is shown, and all you do is scroll through the oathtool --base32 --totp "$(cat keyfile.key)" history using the ↓ arrows. New keys are copied using USB. The device is secure because it will never be connected to the internet.
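What the oathtool command above computes, written out as an added example (not the author's code): RFC 6238 TOTP with oathtool's defaults of HMAC-SHA1, a 30-second step and 6 digits. The key is the published RFC 6238 test key, not a real one, and `matches_within_drift` is a hypothetical verifier-side helper showing why an offline device needs the RTC module to keep its clock close to the server's.

```python
import base64
import hashlib
import hmac
import struct
import time

# RFC 6238 Appendix B test key (ASCII "12345678901234567890"), base32-encoded.
# Constructed sample input; a real keyfile.key would hold the service's secret.
RFC_TEST_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, now=None, step=30, digits=6):
    """Return the TOTP code for a base32 secret at Unix time `now`."""
    # Tolerate spaces/lowercase in the key file and restore stripped padding.
    s = secret_b32.replace(" ", "").strip().upper()
    s += "=" * (-len(s) % 8)
    key = base64.b32decode(s)
    # The moving factor is the number of whole time steps since the epoch.
    counter = int(time.time() if now is None else now) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): low nibble of the last byte picks 4 bytes.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def matches_within_drift(secret_b32, code, server_time, window=1, step=30):
    """Hypothetical verifier: accept codes up to `window` steps off server time."""
    return any(
        hmac.compare_digest(totp(secret_b32, server_time + i * step, step), code)
        for i in range(-window, window + 1)
    )


if __name__ == "__main__":
    device_time = 59  # the device's RTC reading (RFC 6238 test time)
    code = totp(RFC_TEST_KEY, device_time)
    print("code shown on the device:", code)
    # A device clock 20 s behind the server still falls inside a one-step window.
    print("20 s drift accepted: ", matches_within_drift(RFC_TEST_KEY, code, device_time + 20))
    # A clock that lost two minutes while powered off produces a rejected code.
    print("120 s drift accepted:", matches_within_drift(RFC_TEST_KEY, code, device_time + 120))
```
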
▐ ██ ██ ▌▐ ██ ██ ▐ ▐ ▐ ▌▐ ▌ ▌ ▐ ██ ██ ██ ██ ██ ▐ ▌ ▐ ▐ ▐ ▌▐ ▐ ██ ██ ▐ ██ ██
↑ This should look like the image below if your fonts are not messed up: