OATH One Time Passwords Allow Login to Gmail, Dropbox, AWS

Update, 5.2.2016: Amazon Web Services (AWS) is not compatible due to extra long secrets.

We are proude to announce the release of a beta firmware containing a new feature of one time passwords: OATH One time passwords are (another) way to securely authenticate users (but not to encrypt data). Other than proprietary mechanisms, OATH is a young and open standard (RFC 4226, 6238). Implementations exist for various applications and network services. It allows you to securely login to Gmail and Google Apps, Dropbox, Amazon Web Services (AWS), Apache, Linux, SSH and many more.

OATH exists in the basic HOTP variant and the more secure time-based challenge response variant TOTP. A small tray application has been developed for Windows, Linux and Mac OS X which allows configuring and using the one time passwords with the Crypto Stick. Ten slots for different passwords (resp. accounts) are available (see image). OATH is not to be mistaken with OAuth which is totally different thing.

This work was sponsored by Google Summer of Code 2012 and our umbrella project FOSSAsia. We plan to release OATH in a subsequent revision of the Crypto Stick in addition to Crypto Stick's current features. However in order to do so an annual $1000 membership fee is required by the OATH organization which includes the required vendor ID. Before releasing this feature we need your support to cover these costs for at least the first year. Please donate whatever you can. Thank you for supporting the Crypto Stick.

Tool to configure the Crypto Stick's OATH settings


Add new comment

Fill in the blank.

Nitrokey - Made in Germany