Add OATH-HOTP support

Does OnlyKey support OATH-HOTP? I searched throughout the complete site, and only could find OATH-TOTP.

Thanks in advance

No two factor methods supported are TOTP, Yubikey OTP, and FIDO2

That is a pity! And quite a disappointment. I bought the onlykey because it seemed to support almost all prevalent authentication protocols. At my university OATH-HOTP is used for all online services, and I need to login a lot being a lecturer…

About the future: it it expected to be added? Is it a matter of a firmware upgrade, or does it require hardware changes to the onlykey?

It is not an expected feature. We do not support this as its so rarely used, that is very interesting that your university uses HOTP for all online services, I have never seen it deployed widely like that. Usually TOTP is used.

Added this thread to feature requests. If there are is wide interest in this feature we would consider adding it. If anyone else is interested please like post here.

1 Like

Ah, it is utrecht university, the 2nd largest Dutch university.

They use OATH-HOTP for everything, since january 2021. If you support it, you have 37,000 additional potential users (30,000 students, 7000 employees).

I am amazed that a UNI in 2021 will introduce this old, unsecure standard. yubico: What are the drawbacks of HOTP?
TOTP, U2F and especially WebAuthn (FIDO2) is the way to go 2021.

And of course sk-ssh-ed25519 for terminal login. Longingly awaiting Debian Bullseye release to upgrade my servers.

If that is true, that is indeed remarkable. Thanks for the link.

No, it would only require some minor changes to the firmware and the OnlyKey apps.