Building a 2FA TOTP generator using a Raspberry Pi Pico and MicroPython
I have recently become very interested in microcontrollers, in particular the Raspberry Pi Pico. Not only is it ridiculously affordable (just over £3), it provides so much scope to be used in many different projects. One such project I wanted to explore was building an independent Time-based One-time password (TOTP) device.
I have been using the likes of Google Authenticator and Authy for many years, but really wanted to gain a deeper understanding for the specific building blocks that Time-based One-time password’s are built upon. This led me to investigate the viability of building such a solution using a Raspberry Pi Pico - combined with MicroPython and the Pico Display Pack. Thanks to some great resources I was able to do just that.
Below is a list of the feature-set that the built device provides:
- Complete MicroPython implementation of the TOTP specification (and underlying HMAC-SHA1, Base32 dependencies).
- Customisable background colours per TOTP.
- Progress bar to present how long till the TOTP is about to expire.
- Flashing alert LED when the TOTP is about to expire.
- Initial configuration screen to set the current UTC time - to correct the Raspberry Pi Pico’s RTC.
Once you have downloaded the project from GitHub, you can the follow the instructions below to get the device setup.
- Connect the Pico Display Pack to the Raspberry Pi Pico.
- Create a
codes.jsonfile (based on
codes.json.example) which includes the desired TOTP keys.
- Flash the Raspberry Pi Pico with the latest MicroPython with Pimoroni Libs.
- Copy the codebase to the Raspberry Pi Pico.
- Upon boot, you will be required to specify the current UTC time (clicking
- Now you can cycle through your TOTP’s using the
I have been amazed at how easy it is for someone like myself (coming from a high-level programming background), to pick up MicroPython and build non-trivial systems using microcontrollers. I found researching and implementing the functionality that performed HMAC-SHA1 to be alot of fun, allowing me to demystify what can seem to be a very magical process. Additionally, investigating how to set the Pico’s RTC was an interesting aside, combined with presenting this correction using a purpose-built configuration display screen.
Having success in completing this project has already sparked other ideas that I will discuss in upcoming articles!