I have written open-source software that you can use as an alternative to Google/Microsoft Authenticator on any device (that Go can cross-compile for). You may (for instance) run it on your Raspberry Pi (zero) and use it as a “semi-hardware” token. The software does not (yet) support QR code scanning, so you you need to manually enter the name and secret to set up the token.

Time-based One Time Passwords (TOTP)

Time-based One Time Passwords (TOTP) is a technology where you agree on a shared secret with an authentication system. This shared secret is often shared via a QR code and stored in for instance a smartphone. The shared secret is combined with the UTC time in seconds in then hashed to produce a 6 digit code that is valid for 30 seconds. This is the protocol that is used by Google Authenticator and Microsoft Authenticator.

Text mode user interface (TUI)

I have chosen to create a text mode application to make it really easy to cross compile and build the application. This also means that the application uses very little resources and is very small (4 megabytes) even though all dependencies are statically linked.

Roadmap, more features

There are several features that I can think of that this project may get/need:

  • Alternative key store implementation (for instance Java Keystore compatible).
  • Copy/paste functionality, so that the 6 digit code may be copied to the clipboard.
  • A HTML/CSS based GUI (maybe as a different project).
  • A list view to avoid having to scroll through all tokens.
  • A search option to find a specific token or start the software at a specific token.

Maybe even support for other/better protocols, based on public/private key encryption, such as ‘WebAuthn’.

Download

You can find the code on my Github. Go to the releases section to download binaries and source code (click on ‘Assets’).

https://github.com/mevdschee/go-soft-token

Try it out and let me know what can be improved through the Github issues.

Enjoy!