Tim Spurling

something you know vs. something you have vs. something you have thrown at the wall

Smartphones are probably the worst thing about modern life in my opinion, providing a constant illusion of usefulness in stark contrast to the incredible annoyance, frustration and waste of time they actually bring.

While I’ve always been aware of this fact, it was unusually obvious on one particular night out—at the moment that mine froze, for approximately the three-hundredth time, a few seconds before its final tragic demise.

While I was briefly much happier for the loss of a significant source of problems, there was an unfortunate side effect—I was unable to access MetaBroadcast’s incredible VPN, as I’d nothing on which to run the Google Authenticator app that we use to generate 6-digit* TOTP codes.

Fortunately, as Oracle often kindly remind us, “Java is everywhere”—including my old Sony Ericsson—and someone on the internet has helpfully implemented a J2ME app that does the same thing.

Simply enter the key in base32, and make sure your phone’s clock is correct INCLUDING THE DAYLIGHT SAVING TIME OPTION, and it works incredibly well, as long as your phone has working arrow keys and good enough performance to render the stunning marquee animation. (Mine did not.)

If that sounds like it’s going to be a giant pain: you’re right, yes it is, and maybe you’d rather just use your laptop as the second factor? If so, install oathtool (brew install oath-toolkit on an Apple Macintosh) and then you can just alias something to this handy command:

watch oathtool --totp yourKeyInHexadecimal

                <-or->

watch oathtool --totp --base32 yourKeyInBase32

But don’t get it stolen! Obviously.**

Hopefully this will one day help someone who hates phones as much as me, and if you have any relevant helpful tips, please let us know through this other 21st-century mistake. Cheers!

* Tom would like me to point out that we also use a PIN in combination with this to achieve actual two-factor security.

** Tom would also like me to point out that all our hard drives are encrypted.

blog comments powered by Disqus