Well, they don't have to be stored on the password store directory nor
encrypted using the same GPG key.
On 30/12/2016 23:28, Reed Loden wrote:
How is that 2FA if both factors are stored on the same media? Seems
quite insecure to me.
~reed
On Fri, Dec 30, 2016 at 3:16 PM Bertrand Jacquin
<[email protected]> wrote:
Hi,
Thanks to everyone involve in this really nice password tool you've
made, this is something I'm using every day and really enjoy using
it.
Have you ever considered adding an option to handle TOTP, meaning
that the
seed could be stored in a gpg file and pass could provide an easy
way to get
current OTP by using oathtool. For example:
$ oathtool -v --base32 --totp XXX
Hex secret: YYY
Base32 secret: XXX
Digits: 6
Window size: 0
Step size (seconds): 30
Start time: 1970-01-01 00:00:00 UTC (0)
Current time: 2016-12-18 17:42:53 UTC (1482082973)
Counter: 0x2F1D38D (49402765)
799465
Thanks you be really handle for me to just run:
$ pass show -c --totp Web/gandi.net [1]
And being able to paste when Gandi ask for it.
Cheers
--
Bertrand
_______________________________________________
Password-Store mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/password-store
Links:
------
[1] http://gandi.net
--
Bertrand
_______________________________________________
Password-Store mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/password-store
