How to generate a Base32 TOTP secret string on a Mac


A padlock engraved into a circuit board.

I needed a way to generate a TOTP secret using a fairly locked-down Mac. No Brew. No NPM. No Python. No Prolog, COBOL, or FORTRAN. No Internet connection. Just whatever software is native to MacOS. As I've mentioned before, the TOTP specification is a stagnant wasteland. But it does have this to say about the […]

Continue reading →

Why is there no formal specification for otpauth URls?


A QR code.

Yes yes, Cunningham's law etc etc! I want to play around with 2FA codes. So, I started looking for the specification. Turns out, there isn't one. Not really. IANA has a provisional registration - but no spec. It links to an archived Google Wiki which, as we'll come on to, isn't sufficient. There's some documentation […]

Continue reading →