I felt challenged when my geeky/talented colleagues discussed how to automate generation of an OTP ( One Time Password ) on Mac. After an hour of effort I could make it work on my Macbook Pro with freely available and built-in utilities.
Before I list out the steps for the setup, a huge DISCLAIMER!
This method relies on an insecure storage of the token/key/secret. Understand the risks involved and use it at your own risk. If you know or find a better/easier way to do the same, send me a link to the documentation and I will happily update the post and recommend the link as the first place to go.
- Whether it is your workplace or any site, you should be given or should have means to generate a Software Token. You have to be careful of the kind (TOTP or HOTP) token you generate, this setup is using TOTP. The URL under the QR code of the form shown gives that away:
- Install Homebrew
For colleagues at Red Hat : When generating the token, choose Advanced Options on the right and select Enroll TOPT Token. The secret is embedded in the URL under the QR code).
Step 1 : Install OATH Toolkit1
Run the following command to install the OATH toolkit
brew install oath-toolkit
Step 2 : Script the OTP generation
Build two files in your home directory as shown below
# Use the OTP token provided to you in the following command echo "[OTP Token]" > ~/.totp_key
Copy/Paste the following script as
key=`cat ~/.totp_key` code=`oathtool --totp -b -d 6 $key` echo -n $code | pbcopy
If you were doing the same on Fedora, following would be the script:
key=`cat ~/.totp_key` code=`oathtool --totp -b -d 6 $key` echo -n $code | xclip -selection clipboard #xdotool key ctrl+v sleep 0.4; xdotool type "$(xclip -selection clipboard -o)"
Step 3 : Script an Automator service
- Open Automator application on your Mac
- Choose Service as the document you want to work with
- In the search window on the left, type
Run Shell Scriptand double click on it. Paste
. ~/.totp_scriptin the window presented
- Now type
Run AppleScriptin the search window, double-click on the result and paste the following piece of code into the window presented
- Save the service as TOTP
on run tell application "System Events" to tell (1st process whose frontmost is true) to keystroke "v" using command down end run
Step 4 : Assign a keyboard shortcut to the service
- Open System Preferences → Keyboard → Shortcuts
- Choose Services on the left hand side and navigate to TOTP service on the right side
- Click/Highlight the service and click on
- Provide a unique key combination as shortcut. The one I chose was Shift + Command + 1
Step 5 : Enjoy the shortcut!
Click into any text box of any window and invoke the shortcut. It will paste the 6 digit OTP just as how Yubikey does.
For colleagues at Red Hat: Make sure you resync the token before you could start using it with the pin.