Using Google’s TOTP Multi-Factor Auth With PAM on Linux

Since this provides a nice second security layer to our logins, why don’t take advantage of it also in our Linux box?

For a variety of reasons, I find Duo Security’s offering a much better solution for multi-factor authentication. Having said that, if you object to the ease of use, robust user management, and a slew of other things that Duo does and Google Authenticator doesn’t, I’ll pretend to understand.

Also, seriously, if you use iOS you should be aware that the Google Authenticator application is hideous (though functional). I’d recommend using Authy’s app and service for TOTP tokenized logins, and also point out that the Duo Security app can have TOTP tokens too. The only reason I don’t use that feature is because I blow up my phone enough that having my Google Apps, Cloudflare,, Dropbox and other tokens in an account with Authy is much more convenient.

Did I mention that using Duo Security with WordPress, Remote Desktop, RADIUS, most VPN servers and SSH means that my iPhone floats me a push notification when I login to any of my systems I’ve provisioned for it and it also tells me the source address of the connection? That includes ipv6 addresses, you big nerd.