Comment by Sanzig
2 days ago
Hmm. I wonder if there would be a market for a super simple TOTP authentication device with an e-paper display. Kind of like those RSA tokens with the LCDs, but more modern and able to hold any number of TOTP credentials.
Getting the credentials loaded could be a bit of a pain without a camera for QR code scanning. Easiest solution would be via Bluetooth to a companion app, which you would probably want anyway for periodic time sync (likely wouldn't be worth it to embed a GNSS receiver just to update the time).
Probably be a pretty small market, but as a niche Kickstarter device? I could see a small but loyal customer base.
Sounds like a job for a second phone, one which you'd just be extra careful to only use for one purpose. It can be cheap as balls, but it will have a QR-compatible camera and whatever else we may have come to expect from such a device. :)
Yup. Just use a secondary 5-year old phone for dirt cheap. I was actually considering doing it once, but the convenience takes a hit.
Make sure your GNSS receiver supports OSNMA, and be _extremely_ trusting of your battery-backed RTC and profoundly skeptical of time jumps over a certain magnitude.
GNSS spoofing is trivial now and it's an extremely useful way to manipulate a target device's idea of time, which breaks all sorts of things. (SSL certificate validity periods...)
This is nearly what you’re looking for (well, not that close, but it’s got the right spirit):
https://blog.singleton.io/posts/2022-10-17-otp-on-wrist/
I would love this, but only if it also successfully implemented a few disparate authentication protocols that essentially do the same things (prove identity) but are regrettably proprietary - like the de facto standard electronic ID in Sweden, BankID.
Token2 make this: https://www.token2.com/shop/product/molto-2-v2-multi-profile...
They also do single-token cards: https://www.token2.com/shop/category/programmable-tokens
Yubikey?
Yubikey does TOTP on-board, but you need to connect it to a phone or computer (no display or on-board power). It solves a different problem, where you want to have your TOTP credentials on a tamper resistant hardware security module. It doesn't solve the "don't want to carry around a phone for TOTP" problem.
This doesnt make sense. If you need a 2FA code then you are obviously using some device like a laptop already. Yubikey totally solves the "need a second personal device" problem.
> It doesn't solve the "don't want to carry around a phone for TOTP" problem.
It does—if you carry the Yubikey you don't need a phone.
If you read a six-digit pin from an e-ink display, you have to type it into your computer.
If you grab it from a plugged-in yubikey, you can copy and paste it. That seems way easier
A yubikey works great for this
I used to use a yubikey but have now moved onto a fingerprint sensor and passkeys. Doesnt work for all sites but does for most of them.
they exist, in my country they are available as alternative to smartphone apps for identity auth. (ie you can choose between android, iphone, and TOTP LCD device.)
Flipper Zero supports that
[dead]