Managing your own 2-factor authentication

December 28, 2020

Here are some notes for managing your own 2FA secrets and generating TOTP codes. Enjoy!

background

The technical documentation for all this: RFC-4226 (HOTP) and RFC-6238 (TOTP).

manually reading QR Codes to get URLs

If you haven't yet, install zbar

brew install zbar

and then read the QR Code into zbarimg

zbarimg qrcode.png

You should see something like this:

QR-Code:otpauth://totp/AcmeInc?secret=MFZWIZTTMRTHGYLEMZSGM4Y&issuer=AcmeInc

If there are no digits or interval parameters, these default to digits=6 and interval=30 per the RFC.

manually getting temporary TOTP codes

Learn about oathtool on the oathtool website

Example usage:

oathtool --totp -v -d 6 -s 30s 71f6da3ddbb38cece61c

If you get the error

oathtool: hex decoding of secret key failed

You probably need to add -b for base32

oathtool --totp -v -d 6 -s 30s -b MFSHGZTTMRTHGZQ

If for some reason you need to specify a time, you can pass -N (for now):

oathtool --totp -v -N "2020-11-14 07:46:37 UTC" -d 6 -s 30s -b OH3NUPO3WOGOZZQ4
Hex secret: 71f6da3ddbb38cece61c
Base32 secret: OH3NUPO3WOGOZZQ4
Digits: 6
Window size: 0
TOTP mode: SHA1
Step size (seconds): 30
Start time: 1970-01-01 00:00:00 UTC (0)
Current time: 2020-11-14 07:46:37 UTC (1605339997)
Counter: 0x33084A5 (53511333)
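
To see what zbarimg and oathtool are doing between them, here is an added Python example (not from the original post or from oathtool) that parses the otpauth URL, applies the digits=6 / 30-second defaults, repairs the missing base32 padding, and computes the code per RFC 4226 and RFC 6238. The function names are hypothetical; it handles SHA1 only, matching the "TOTP mode: SHA1" shown above, and reads the step from `period` (the parameter name in the Key URI Format) or from `interval` as this page calls it.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import urlparse, parse_qs

def decode_secret(b32):
    """Base32-decode a secret, restoring the '=' padding that otpauth URLs drop."""
    s = b32.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))

def parse_otpauth(line):
    """Turn a zbarimg output line (or a bare otpauth:// URL) into TOTP parameters."""
    url = line.strip()
    if url.startswith("QR-Code:"):
        url = url[len("QR-Code:"):]
    u = urlparse(url)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not an otpauth://totp URL")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    if q.get("algorithm", "SHA1").upper() != "SHA1":
        raise ValueError("only SHA1 is handled here")
    return {
        "key": decode_secret(q["secret"]),
        "digits": int(q.get("digits", 6)),                       # default 6
        "step": int(q.get("period", q.get("interval", 30))),     # default 30s
    }

def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then truncate."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F                       # low nibble of last byte picks the offset
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def counter_at(now, step=30):
    """RFC 6238: number of whole steps since the Unix epoch."""
    return int(now) // step

def totp(params, now=None):
    now = time.time() if now is None else now
    return hotp(params["key"], counter_at(now, params["step"]), params["digits"])

if __name__ == "__main__":
    # Sample line copied from the zbarimg output shown earlier on this page.
    p = parse_otpauth("QR-Code:otpauth://totp/AcmeInc?secret=MFZWIZTTMRTHGYLEMZSGM4Y&issuer=AcmeInc")
    print(p["digits"], p["step"], totp(p))
```
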

getting your secrets out of Authy

Once you learn that all you really need to know is these 3 things:

  1. TOTP secret
  2. number of digits
  3. TOTP interval

Then you may want to back up this information (securely) from your Authy account!

Carefully read this gist for how to export your authy secrets and TOTP urls.



Written by Dan Lynch, an inventor and entrepreneur who loves the web — follow him on twitter or github