Two-Factor Authentication
Most users of the Web these days know about the existence of 2FA, or Two-Factor Authentication. Some extol its virtues; others absolutely despise it. However, many do not understand the concept. The standard implementation does not use SMS messaging; in fact, the (usually) six-digit code is not sent at all. The short version is that a secret key generated by a remote server is saved in an authenticator program, which uses it together with the current time to generate the code.
Passrs
I recently discovered the program passrs, a simple Rust ncurses TUI application that consists of a TOTP authenticator application. The keybindings are similar to vim, though in reality only a few of the keys are truly necessary. It also contains a rudimentary password manager, and the data is encrypted with a passphrase that you must type on startup.
A terminal “GUI” password manager & authenticator.
Issues
There are a few quirks that you should know. The first is that you should quit after making changes, so that it saves the data. If there’s an abrupt power failure, you could lose the last additions or changes. The second is that you need to keep your system clock set, preferably with NTP. Mismatched time will generate totally wrong codes, so if you’re having trouble logging in at all, check your time!
Of course, some services don’t really follow the standards set forth in RFC 6238. Steam is a notable exception, but there are still a few holdouts.
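The time-based derivation described at the top of the page, and the reason a wrong clock produces unusable codes, as an added example (not code from passrs). It uses the RFC 6238 test secret and timestamp; the `verify` helper and its one-step drift window are assumptions about how a server might check codes.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step, the RFC 6238 default
# Published RFC 6238 test secret ("12345678901234567890"), base32-encoded.
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over an 8-byte big-endian counter, then truncate."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of last byte selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret_b32: str, unix_time: float, digits: int = 6) -> str:
    """RFC 6238: HOTP where the counter is the number of elapsed time steps."""
    s = secret_b32.upper().replace(" ", "")
    s += "=" * (-len(s) % 8)  # authenticator secrets often omit padding
    return hotp(base64.b32decode(s), int(unix_time) // STEP, digits)

def verify(secret_b32: str, code: str, server_time: float, window: int = 1):
    """Hypothetical server-side check: accept codes within +/- window steps.

    Returns the matching step offset, or None if the code is rejected.
    """
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, server_time + drift * STEP)
        if hmac.compare_digest(expected, code):
            return drift
    return None

if __name__ == "__main__":
    server_now = 1234567890  # constructed: a timestamp from the RFC test table
    for skew in (0, -30, 300):  # client clock offset in seconds
        code = totp(RFC_SECRET, server_now + skew)
        result = verify(RFC_SECRET, code, server_now)
        status = "rejected" if result is None else f"accepted (step {result:+d})"
        print(f"client clock {skew:+4d}s -> code {code} -> {status}")
```

Nothing but the shared secret and the clock goes into the code, so a client whose clock is off by more than the server's tolerance fails even though the secret is correct.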
Advantages
Regardless, this is a great option for someone who wants to add a bit of security to their online activities. It doesn’t require a smartphone, though it appears it was originally designed for a Linux mobile device. It works over a remote terminal, so you can still get in if you forget your phone or other authenticator. It supports xclip, so it’s relatively convenient to copy and paste if you can’t remember the numbers or type quickly. It appears to be relatively secure, uses few system resources, and generally is just out of the way.