One-time-password (OTP) and its time-based version (time-based OTP, or simply TOTP) are commodity solutions to provide a second factor, in addition to simple passwords, for authentication.

Here Jose Damico proposes his way to implement a simple TOTP device using only open-source tools. The core of the project is an Arduino board connected to a small LCD. From the software perspective, the SHA-1 library comes from Cryptosuite, a cryptographic library for Arduino.

The device, which is OATH-compliant, will be presented soon to the “13th Fórum Internacional Software Livre“, that will be held in Porto Alegre, Brazil, in next July 25-28.

More information can be found here.

[Via: Hack A Day]

Get your feet wet with Time-based One-Time Password (TOTP) security by building your own Arduino OATH system. OATH is an open standard authentication system that provides a platform to generate tokens, making your login more secure than a password alone would.

The TOTP approach is what is used with many companies that issue hardware-based dongles for logging in remotely. This security may have been compromised but it’s still better than passwords alone. Plus, if you’re building it around an Arduino we’d bet you’re just trying to learn and not actually responsible for protecting industrial or state secrets.

The hardware setup requires nothing more than the Arduino board with one button and a screen as a user interface. Since the board has a crystal oscillator it keeps fairly accurate time (as long as it remains powered). It will push out a new token every thirty seconds. The video after the break shows that the Arduino-calculated value does indeed match what the test box is displaying.