Feb 042016

QR Authentication ExampleTwo-factor authentication is a beautiful thing. You have a key, apply a bit of TOTP magic and you’ll get an unique code changing with time. To use it just run a mobile application of your choice (e.g. Google Authenticator) and scan the QR code.

If you have a bunch of pre-existing keys in textual format (e.g. recovering after phone reinstall), wouldn’t it be really useful to generate a QR code based on them?

Fortunately, the key format is really well documented in the Google Authenticator repository. In its simplest form it is otpauth://totp/LABEL?secret=KEY. Simply swapping LABEL and KEY for desired values should do the trick – e.g. otpauth://totp/Test?secret=HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ.

To generate a QR code scannable by mobile phone application, any QR service supporting simple text encoding will do. I personally prefer goqr.me as they offer a lot of customization options and (supposedly) they don’t store QR data. Final QR code will be perfectly well read by any authenticator application out there and the key will be imported without any issue.

For the advanced scenarios, there are quite a few more advanced setting and tweaks you can do but this simplest format probably covers 90% of needs.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.