Step 7: Configure Google Authenticator
In previous step you retrieved and decrypted your Google Authenticator secret and OpenVPN profile.
In this step you will configure your authenticator app with the secret so you can generate the required codes for two-factor authentication.
Option A: CLI utility (oathtool)
If you are using iTerm2 then you can use built-in password manager to store your authenticator secret.
- Press
option+command+F(or clickWindow > Password Manager) to open password manager - Click
+to add new password entry:- Name: OTP-non-live (or OTP-live)
- Username: Your.Name
- Password: Paste your authenticator secret here
Install
oathtoolif not already installed:brew install oath-toolkitPaste following into your terminal to add handy alias to your
.zshrc:echo '\nfunction oo() { echo -n "Enter the code:\\n" read -s code code=$(oathtool --base32 --totp $code) echo $code echo -n $code | pbcopy }\n' >> ~/.zshrcClose and open terminal or run
exec zshto reload your shellRun alias
ooWhen prompted press
option+command+F, selectOTP-non-liveand press enterAuthenticator code will be generated and automatically copied to your clipboard
⚠️ You will have two separate authenticator secrets for non-live and live if you have access to both environments. So make sure to store each one as separate entries so you can easily retrieve the correct one.
Option B: Google Authenticator App
- Install Google Authenticator App on your mobile device
- Open the app
- Tap the plus (+) symbol in the bottom right
- Tap
Enter a setup key - Enter your email as account name
- Paste your Google Authenticator secret from the decrypted output into the
Your keyfield - Tap
Add
Summary Checklist
✓ Authenticator setup in CLI or App
✓ Can generate authentication codes
Next step: Step 8: Configure VPN