Token authentication for Gmail using an eZ430 Chronos watch

Two-factor authentication allows you to use your chosen password, as well as a one-time password to help keep your services secure. The one-time passwords traditionally come from a dedicated piece of hardware, but there are also solutions for smartphones. [Patrick Schaumont] shows how a TI eZ430 Chronos Watch can be used to generate authentication tokens. After walking through the process he uses it to beef up his Gmail login.

This method of token authentication is often called Time-based One Time Passwords (TOTP). It’s part of the Open Authentication (OATH) initiative, which seeks to sort out the password-hell that is modern computing. A portable device generates a password by applying an algorithm and a private encryption key to an accurate time-stamp. On the server side of things a public key is used to verify the one-time password entered based on the server’s own time-stamp. In this case the portable device is the Chronos watch and the server is Google’s own TOTP service.

You can do this with other simple microcontrollers; we’ve even seen an Arduino implementation. But the wrist-watch form factor seen here is by far the most convenient, as long as you always remember to wear the watch.

[Thanks Oxide]

Comments

  1. addidis says:

    This is pretty sweet. Using a pre-paid phone means setting up token auth on Gmail has the potential to be expensive or a pain. This is a nice solution although from experience with Blizzard games and their digipass being cracked (google Diablo III account hacking) it is just another speed bump on the way to being owned. Still might dust off the old Chronos and give it a spin.

  2. polossatik says:

    ” to an accuarte time-stamp.” – it’s accurate by the way – with the Chronos watch?
    lol, a lot of them have serious time drifts.

    • Galane says:

      Yeah, facepalm when misspelling accurate. ;)

    • parakleta says:

      It’s pretty trivial to implement a TCXO on the MSP430 to compensate for drift. We develop a lot of stuff using the MSP+CC combinations at work and we get accuracy down to a couple of PPM pretty easily. Don’t know if you can do it on the CC430 but we calibrate the offset of the 32 kHz against the RF Xtal. The RF Xtal you can get to within about 1 PPM using the freq offset register and use a TCXO algorithm for it as well if you have the curves.

  3. SparkDustJoe says:

    I did something like this for Windows in C#.Net that can do multiple accounts using the barcodes from Google. I just did it so that I didn’t always need to have my phone, or if I LOST my phone I could still get into my account. It even displays barcodes that can be used to add an account back into a phone without having to re-create the account settings in Google. The accounts stored in the program are encrypted.

    http://googleauthclone.codeplex.com/

  4. cde says:

    That’s gonna suck when the watch breaks in a few weeks.

  5. Mark says:

    Could this be reused for Dropbox as well?

  6. yohanes says:

    I also implemented something like this last year using ez430:

    http://tinyhack.com/2011/03/02/ez430-chronos-otp/

  7. putyn says:

    something similar was done two years ago https://github.com/htruong/chronos-otp :P
