Hey All,
I was forced to use Duo Mobile for my work, and I wanted to share a couple of experiences to help anyone else who may have this issue too. First, DUO now supports WebAuthn; I had to ask my IT department to get it to work. This will allow you to use a Yubikey (or other U2F device) on Firefox (as normally it is Chrome only). I just ordered a USB-C Yubikey as well, so I am curious to see if I can get that working on the Pinephone.
I was also successful in getting a passcode working with Gnome Authenticator, thus not needing the DUO mobile app (for those who don't have to use DUO, the "official" way to get a passcode working is to use their app, which is an Android/iOS app only. It does not natively support using third party apps, and I suspect that is by design). There is a Python script to get it working:
https://github.com/kop316/duo-cli
You can use just the Python script only, if you so choose, but you can also export the secret to your favorite 2FA app (like Gnome-authenticator). Use the ./duo_export.py script to export your secret. Note that it uses HOTP, so you have to increment it at every login.
As a quick note, look at all of the "Data" in duo_activate.py, and make sure they are reasonable values too. I can only assume they have those values to check them.
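The point about HOTP needing an increment at every login, shown as an added example that is not part of the original post or of duo-cli. It implements RFC 4226 HOTP with the RFC's published test secret; the function names, the look-ahead window of 3, and the label and issuer strings are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote, urlencode

# RFC 4226 Appendix D test secret (constructed sample, not a real Duo secret).
SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then truncate."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset from the low nibble
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify(secret: bytes, server_counter: int, submitted: str, window: int = 3):
    """Validator side: accept a code at server_counter or up to `window` ahead.

    Returns the next counter to store on success, or None on failure.
    Counters behind server_counter are never accepted, so codes cannot be reused.
    """
    for c in range(server_counter, server_counter + window + 1):
        if hmac.compare_digest(hotp(secret, c), submitted):
            return c + 1
    return None


def otpauth_uri(secret: bytes, counter: int, label: str, issuer: str) -> str:
    """Key URI that HOTP-capable authenticator apps import (secret in base32)."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    params = urlencode({"secret": b32, "issuer": issuer, "counter": counter})
    return f"otpauth://hotp/{quote(label)}?{params}"


if __name__ == "__main__":
    server = 0
    # The client generated codes 0..2 without logging in, then submits code 3.
    server = verify(SECRET, server, hotp(SECRET, 3))
    print("accepted, server counter now", server)
    # Replaying the same code fails because the server has moved past it.
    print("replay accepted?", verify(SECRET, server, hotp(SECRET, 3)) is not None)
    # A client that drifted past the window is rejected until resynchronized.
    print("far-ahead accepted?", verify(SECRET, server, hotp(SECRET, 20)) is not None)
    print(otpauth_uri(SECRET, server, "user@example.com", "Example"))
```

The exported secret and counter together are the full credential, so the URI should be handled like a password.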