home |  electronics |  toolbox |  science club |  tuxtalk |  photos |  e-cards |  online-shop



July 2022

A html/javascript based TOTP token generator

One Time Passwords are increasingly common and many companies prefer that you use their apps. This results in quite a number of apps that you have to have on you phone. Here is a javascript based solution that works on many platforms, browsers or phones. It works even on old phone where new apps will no longer install. The html/javascript based OTP generator can work with multiple systems. You just select the one you want from the drop-down list.

Here is the TOTP token generator. Save the html page of the token generator on your computer, edit the code (open it with a text editor) and safe it on your phone:
http://tuxgraphics.org/~guido/javascript/totp-web.html

The code supports a drop-down list for multiple TOTP tokens.

Note the code in this html/javascript page executes locally only and does not send any data anywhere.

Here is how to use it e.g with Microsoft's MFA (Multi Factor Authentication). See: https://mysignins.microsoft.com/security-info

Go to "security info" and click "Add sign-in method". This brings up a pop-up and click on "I want to use a different authenticator app".

mfa.png
click on "I want to use a different authenticator app"

This brings up a new page with a QR-code to scan. You can decode this code with the linux program zbarimg. Take a screenshot cut-out the QR-code and save it as file.png. Run "zbarimg file.png" and you get a sting that looks like
"otpauth://.... secret=....&issuer=Microsoft"

You want the code after the "secret=". This is the code you insert into the html code.

The algorithm of this html/javascript based OTP generator is a time based one time password known as google authenticator, OATH-TOTP or TOTP.

You can also use the linux commandline tool oathtool (command: oathtool -b --totp "the_secret_string_goes_here" ).

Back to: "No preservatives added"



© 2004-2024 Guido Socher