2FA – Why it’s important, and how to enable it | Resource Centre by Reliance Digital


The term 2FA (2-Factor Authentication) is thrown around on every major web service and app. It might sound like just an additional, numerical password. It could also be looked at as an inconvenience, since you need to enter yet another passcode, one that comes as an SMS or e-mail to your device. It takes a while to arrive, and it is annoying to copy and paste. It seems like a hurdle, no doubt, but there is more to it. What do the terms OTP, TOTP and HOTP mean, and why should you use 2FA to begin with? Is there any way to make life simpler when using 2FA? We hope to answer all those questions.

The first question one might have is: why use an OTP? Aren’t passwords secure enough? Some services only offer OTPs for login authentication, while others ask you to log in using a password and then also enter an OTP. An OTP makes hacking your account far more difficult, because a stolen password alone is no longer enough to log in. The minor inconvenience brings in a thick layer of security. Even the inconvenience can be handled with an OTP authentication app.

An OTP is a constantly changing password. In some cases, a randomized number may only be generated by the service you are logging into. To many of us, OTPs seem to be in the hands of the service, but the truth is that in most cases they can also be generated on your own device.

Think of an OTP as a password that is generated using the same rules or algorithms agreed upon when you enable the 2FA authentication method. There is no denying that waiting for an OTP from the service you are accessing is annoying. You have to wait for an SMS or e-mail, then manually type the OTP into the field. Sometimes, the e-mail gets lost in the spam folder or the SMS arrives after the entry countdown ends. All of this can be avoided if you use an OTP authentication tool on your phone, PC, or laptop.

OTPs seem like random numbers, but they are generated in a few ways. The most popular OTP generation methods are HOTP and the more popular TOTP. HOTP stands for hash-based (more precisely, HMAC-based) one-time password. The hash algorithm, together with a secret that the server and the client both know and agree upon, determines which OTP is generated. TOTP, or time-based one-time passwords, are generated based on time. The server and client regenerate the code every 30 or 60 seconds, depending on what was agreed. Regardless of the type, the OTP generation happens on, and is known only to, the server and the client. This is what makes it secure, and this is why it changes.

The point of all this is that you need not wait for OTPs to arrive from the service when they can be generated on your smartphone, laptop or PC using an authenticator app. We recently wrote an article about password security, why you ought to change your passwords from time to time, and how a free password manager like KeePassXC can make life simple even if you use complex passwords.
There are many other standalone OTP apps that are not password managers. Some examples of authentication apps are Aegis, andOTP and Authy. Microsoft and Google also have their own authentication apps if you wish to try them out.

In this example, we will use KeePassXC on our PC to generate OTPs. It is the same tool we use to store our passwords. The same KeePassXC database can be used on a mobile client such as KeePassDX, a mobile app for KeePass databases. You can read our feature to know more. While we are using KeePassXC, you could use any of the above-mentioned apps since the process is identical.
The first thing to do is log in to the service. If the service supports 2FA logins, the option should be present under the Account or Security sections. Choose to enable the 2FA authentication medium.
A few services might have the option of using their own mobile app for authentication, but we wish to use a third-party one. Select Authentication App. You should see a QR code now, which you can scan if you are using a dedicated mobile app. The QR code contains the token that is used to enable the OTP, along with your username and the service name. Most sites will also display the text token if you click the ‘Cannot see QR code’ option. We will be using this since we plan on enabling OTP for a number of services, and we want this functionality available not only on mobile devices but also on our laptops and PCs.
If you use KeePassXC to manage your passwords, simply right-click on the account and click on TOTP > Set up TOTP. Enter the token you received from your service and click Ok. KeePassXC should generate the OTP for you. Enter that OTP number on your web service. This should enable 2FA authentication between your service and your password manager or authentication app. In future, when logging in, you can right-click on the account of your choice and show the OTP number. The mobile authentication app might show OTPs as a simple list.
The service you enabled 2FA on may also give you the option to store backup codes. You can store them in a file in a safe place, or in a personal notebook. Backup codes are generated just in case you have issues with entering your OTP.
Once that’s done, you can send your KeePassXC database to your mobile device, where you use KeePassDX to check the OTP on your phone, if needed. You should also be able to check the account details and see the current OTP that keeps changing every 30 to 60 seconds.

Now that you have that set up, you no longer will have to wait for an OTP to arrive as an SMS or an e-mail. You can access the OTP with or without any internet connectivity. That’s an upgrade to your security online, and some convenience as well.