Build your own two-factor authentication with good USB

Two-factor authentication is becoming the norm for many applications and services, and security concerns surrounding phone porting hacks are leading to a phaseout of SMS-based systems. In that context, [Josh] Good has created its own authentication device called USB.

The device can be built using an Arduino Leonardo, SS Micro, or even a BadUSB device. Which is next [Josh] Like the best, and since the bad device is being reused for good, it’s called Good USB. Basically any Atmega32U4-based device will work, because the key functionality is the ability to mimic a USB keyboard on a host PC.

The device is just as easy to use. With the Good USB plug-in, you need to click a button in the companion app to generate a code for the account you are logging into. Press the button on the device then type the code for you. Alternatively, if your device does not have a button, it can be set up to type the code two seconds after you select an account in the companion app.

The code is in Github for those who want to make their own. Warning for Warning: This is still a work in progress, and there may be security holes in the current implementation.

If you’re interested in Nut and Bolt about how 2FA works, we’ve looked at it in detail. Video after the break.

Leave a Reply

Your email address will not be published.