twoken: generate One-Time Passwords from stored token secrets

A command line application to generate One-Time Passwords from token secrets stored in an external password store, like the Unix pass. twoken enables two-factor authentication when a mobile device or dedicated hardware token is unavailable or impractical.

WARNING While secrets are stored securely in a password store, using twoken may be less secure than traditional two-factor authentication using dedicated hardware.

Installation

Either install directly with cargo:

cargo install twoken

Or download a pre-compiled binary from the latest release.

Usage

Create a new token (a simulated Yubikey by default) and store it in the password store:

twoken --new tokens/my-soft-key

Generate a One-Time Password (will copy to the clipboard):

twoken tokens/my-soft-key

Generate a One-Time Password and print it:

twoken --print tokens/my-soft-key

Available password storage backends

twoken currently supports pass, gopass, and plain file storage backends. These can be chosen with the --store argument.

Note: the plain file storage backend is insecure and should only be used for testing.

Available token types

twoken supports both simulated Yubikey and Time-Based One-Time Password (as described in RFC 6238) tokens. twoken uses Yubikey tokens by default, to use Time-Based One-Time Password tokens add the --token totp argument to all commands.