AirGapped TOTP

Isn’t keeping your 2FA codes connected to the internet kinda insecure? In today’s episode of lets overcomplicate established procedures for marginal security improvements, I made an e-ink based, battery operated TOTP device. It’s a dedicated device to do TOTP, so instead of having to store them on your phone (where they can be remotely attacked), you store them in your bag (where they can be stolen 😄). However, since OTPs are the “something you have”, that’s alright, because random theives won’t have your passwords.

More …