# oathtool to replace Google Authenticator

As reported two posts back, our new admin tool at work requires
2-factor-authentication (2FA) for logging in. The IT people
recommend Google Authenticator, which is a no-go for me, because
I don't use Google Play any more. So I had a look at [oathtool][1]
for a CLI tool, and it works well also under FreeBSD. However, the
idea of 2FA of course is to have the tool on another device than
where you log in.
(Horror side note: our IT suggest using some Chrome plugin, the
name I've forgotten for security reasons, in case people don't have
a smartphone. Cool, so they generate the 2FA code with the same
browser that's loading the login site. What could go wrong?)

On my cheap non-Google-Play phone, I have termux running, and
oathtool is available as well. Sweet! So I installed the authkey
(which you have to rip out of the QR code our IT system provides)
together with a script for easy managing of more than just a
single TOTP access, and it works sans issue.

.:.

[1]: http://www.nongnu.org/oath-toolkit/