Adding Google authenticator support to RFID password keeper

The latest upgrade to my DIY gadget that keep passwords and log in to Windows with a swipe of an RFID card is the support of Google authenticator.

In brief, the gadget is an Atmel based micro-controller connected to an RFID card reader, packaged in the form-factor of a name card holder. With a USB connection to any Windows based PC, all I need to do to log in is to wave my card.

Although supporting static passwords only, this gadget served me well along the years. In recent years I found myself relied more on dynamic authentication like one time passwords provided by Yubikey and Google Authenticator.

These are proven technologies for multi-factor authentication, and I trusted this with many of my Amazon AWS based linux hosts.

Even though the Google authenticator is already very user friendly via its Android app, to use it I have to pull the phone out of pocket and start the app, read the six digit code and then type it in as quickly as possible.

To make life easier, I recently upgraded this RFID gadget to support one time password for Google authenticator. The upgrade in term of programming is easy as the algorithm is open (RFC-6238) and there are handful of libraries available. The obvious hurdle for implementing TOTP on this gadget is the lack of a real time clock (RTC) for the micro-controller to compute the required authentication code. Although most RTC modules are compact these days, fitting one more PCB board to this already cramped gadget is not easy.

So for now I will settle with an alternative – since the micro-controller supported serial communication, providing the time source by the PC host itself can easily be achieved with a simple Powershell script below:

$utctime=[int][double]::Parse($(Get-Date -date (Get-Date).ToUniversalTime()-uformat %s))
$port= new-Object System.IO.Ports.SerialPort COM7,9600,None,8,1
$port.open()
$port.WriteLine($utctime)
$port.Close()

Just run this script to feed the timestamp, and then swipe the RFID card as usual at the SSH prompt asking for Google authenticator verification code. Happy with this upgrade.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s