Get The Multifactor Authentication Secret From A QR Code

May 15, 2023 @11:00

Quite some time ago I moved all my multifactor authentication tokens into my preferred password manager, zx2c4's pass. As a command line utility, it is extremely powerful, but to manage one-time passwords you need to provide the URL for the secret. This is usually in the form of otpauth://totp/Label?secret=[BASE32 ENCODED SECRET] and is what is encoded in those fancy QR codes that most websites produce. Most websites will give you the secret directly if you ask, generally by pressing a button under the QR code, but Etsy does not, so I went to figure out a quick way to get the secret from the QR code.

I put together the following quick Python script that uses the qrtools library, which I installed on Debian using the python3-qrtools package. The script is super easy and it outputs the otpauth URL which I pasted into the pass entry for Etsy.

#!/usr/bin/env python3

import os
import sys
from qrtools import QR


def usage():
    print(f'usage: {os.path.basename(sys.argv[0])} qr_code_image_file')


if __name__ == '__main__':
    if len(sys.argv) != 2:
        usage()
        sys.exit(1)

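    fn = sys.argv[1]
    if not os.path.exists(fn):
        print(f'Cannot read {fn}')
        usage()
        sys.exit(1)

    # Decode the image locally; decode() returns False when no QR code
    # is found, so stop instead of printing a value that is not a URL.
    qr = QR(filename=fn)
    if not qr.decode():
        print(f'No QR code found in {fn}')
        sys.exit(1)

    # The decoded payload is the otpauth:// URL that contains the secret.
    print(qr.data)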

There are a bunch of different options out there, but too many of them require you to send your secret to someone's server, which totally defeats the purpose of MFA. Hopefully this will help you avoid that pitfall.
