LPASS_ASKPASS for 2fa or similar?

[hanoii]

Is there a way for something like LPASS_ASKPASS but for the 2fa code?

I am attempting to use https://github.com/stuartcryan/lastpass-alfred-workflow and I wonder if there's a way to improve it.

Can the binary return something to know that a 2fa is needed? How would you approach it?

[bcopeland]

On Thu, Jan 28, 2016 at 06:38:09AM -0800, Ariel Barreiro wrote:

Is there a way for something like LPASS_ASKPASS but for the 2fa code?

I am attempting to use https://github.com/stuartcryan/lastpass-alfred-workflow and I wonder if there's a way to improve it.

Can the binary return something to know that a 2fa is needed? How would you approach it?

askpass can prompt for the 2fa just like it prompts for password; you just need to look at the prompt string to know what to supply.

i.e. something like this might work for you:

!/bin/bash

askpass, just in shell as a simple example

# echo "Prompting for $" >/dev/stderr case $ in "Master Password") echo "my master password" ;; "Code")

You might have to ask here. Or if you're using a TOTP

        # like google auth and have the secret key, you could
        # generate it with oathtool or similar.
        read my_2fa_code
        echo $my_2fa_code
        ;;

esac

Bob Copeland %% http://bobcopeland.com/

[hanoii]

Awesome, thanks!

[hanoii]

Is there a way on the script to know what authenticator code is requesting. Lastpass client specifically asks for (in my case) Google authenticator code, but the askpass script only gets "Code".

[bcopeland]

Unfortunately, not at the moment. I guess descfmt would have to be used somehow inside password_prompt_askpass. Or you could write a pinentry substitute instead of an askpass program, which gets both prompts.