# twoken: generate One-Time Passwords from stored token secrets

A command line application to generate One-Time Passwords from token secrets stored in an external password store, like the Unix [`pass`](https://www.passwordstore.org). twoken enables two-factor authentication when a mobile device or dedicated hardware token is unavailable or impractical.

**WARNING** While secrets are stored securely in a password store, using twoken may be less secure than traditional two-factor authentication using dedicated hardware.

## Installation

Either install directly with cargo:

```sh
cargo install twoken
```

Or download a pre-compiled binary from the latest [release](https://codeberg.org/dustinlagoy/twoken/releases).

## Usage

Create a new token (a simulated Yubikey by default) and store it in the password store:

```sh
twoken --new tokens/my-soft-key
```

Generate a One-Time Password (will copy to the clipboard):

```sh
twoken tokens/my-soft-key
```

Generate a One-Time Password and print it:

```sh
twoken --print tokens/my-soft-key
```

## Available password storage backends

twoken currently supports [`pass`](https://www.passwordstore.org), [`gopass`](https://www.gopass.pw), and plain file storage backends. These can be chosen with the `--store` argument.

Note: the plain file storage backend is insecure and should only be used for testing.

## Available token types

twoken supports both simulated [Yubikey](https://www.yubico.com) and Time-Based One-Time Password (as described in [RFC 6238](https://datatracker.ietf.org/doc/html/rfc6238)) tokens. twoken uses Yubikey tokens by default, to use Time-Based One-Time Password tokens add the `--token totp` argument to all commands.