Step 7: Configure Google Authenticator
In previous step you retrieved and decrypted your Google Authenticator secret and OpenVPN profile.
In this step you will configure your authenticator app with the secret so you can generate the required codes for two-factor authentication.
Option A: CLI utility (oathtool)
If you are using iTerm2 then you can use built-in password manager to store your authenticator secret.
- Press
option+command+F(or clickWindow > Password Manager) to open password manager - Click
+to add new password entry:- Name: OTP-non-live (or OTP-live)
- Username: Your.Name
- Password: Paste your authenticator secret here
Install
oathtoolif not already installed:brew install oath-toolkitPaste following into your terminal to add handy alias to your
.zshrc:echo '\nfunction oo() { echo -n "Enter the code:\\n" read -s code code=$(oathtool --base32 --totp $code) echo $code echo -n $code | pbcopy }\n' >> ~/.zshrcClose and open terminal or run
exec zshto reload your shellRun alias
ooWhen prompted press
option+command+F, selectOTP-non-liveand press enterAuthenticator code will be generated and automatically copied to your clipboard
⚠️ You will have two separate authenticator secrets for non-live and live if you have access to both environments. So make sure to store each one as separate entries so you can easily retrieve the correct one.
Option B: MS Authenticator App
- Install Microsoft Authenticator App on your mobile device
- Open the app
- Tap the QR code in bottom right
- Tap
Enter the code manually>Work or school account - Enter your email as account name
- Paste your Google Authenticator secret from the decrypted output
Summary Checklist
✓ Authenticator setup in CLI or App
✓ Can generate authentication codes
Next step: Step 8: Configure VPN