Building a One-time Password Token

One-time passwords are an alternative to the more common "permanent" passwords. The problem with a "normal" password is that it can be captured in transit, by fake login screens, or by keyloggers. Once a normal password is captured, it can be used until it is changed. To avoid this "repetition attack" (usually called a replay attack), a one-time password works just once: each login uses a new password.

This creates a new problem: how do we set up these passwords? One solution is to have a "password book", but that is very clumsy. In this post, we will see how to build a device that generates one-time passwords, one at a time. The other side can use the same algorithm to check the passwords. We will use a Raspberry Pi Pico W board with a MicroPython application.

WARNING: This is a demo only. The encryption key will be in plain text in the code, open to any curious eyes. Do not use this with any real key!
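As an added example (not code from this post), here is how a token and the checking side can run the same algorithm and reject a captured password when it is used again. It assumes the counter-based HOTP scheme from RFC 4226, which the text above does not name, and is written for desktop Python rather than MicroPython; the key is the public RFC 4226 test key, and `Verifier` and `look_ahead` are hypothetical names.

```python
import hashlib
import hmac
import struct

# Public test key from RFC 4226 Appendix D (assumption for this demo); never a real secret.
DEMO_KEY = b"12345678901234567890"


def hotp(key, counter, digits=6):
    """Return the HOTP value (RFC 4226) for one counter value."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Verifier:
    """Checking side (hypothetical): shares the key, tracks the next unused counter."""

    def __init__(self, key, look_ahead=3):
        self.key = key
        self.counter = 0
        self.look_ahead = look_ahead  # tolerate passwords generated but never sent

    def check(self, candidate):
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.key, c), candidate):
                self.counter = c + 1  # burn this counter and every earlier one
                return True
        return False


def demo():
    server = Verifier(DEMO_KEY)
    first = hotp(DEMO_KEY, 0)    # token shows its first password
    skipped = hotp(DEMO_KEY, 1)  # generated on the token but never typed in
    third = hotp(DEMO_KEY, 2)
    return {
        "first_login": server.check(first),
        "replay_of_first": server.check(first),   # captured password reused
        "third_after_skip": server.check(third),  # accepted via look-ahead
        "late_skipped": server.check(skipped),    # older counter is now burned
    }


if __name__ == "__main__":
    print(demo())
```

The look-ahead window lets the checking side resynchronise when the token has generated passwords that were never submitted, while any password at or below an accepted counter stays rejected.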