Add OATH-HOTP support

Does OnlyKey support OATH-HOTP? I searched throughout the complete site, and only could find OATH-TOTP.

Thanks in advance

1 Like

No two factor methods supported are TOTP, Yubikey OTP, and FIDO2

That is a pity! And quite a disappointment. I bought the onlykey because it seemed to support almost all prevalent authentication protocols. At my university OATH-HOTP is used for all online services, and I need to login a lot being a lecturer…

About the future: it it expected to be added? Is it a matter of a firmware upgrade, or does it require hardware changes to the onlykey?

It is not an expected feature. We do not support this as its so rarely used, that is very interesting that your university uses HOTP for all online services, I have never seen it deployed widely like that. Usually TOTP is used.

Added this thread to feature requests. If there are is wide interest in this feature we would consider adding it. If anyone else is interested please like post here.

1 Like

Ah, it is utrecht university, the 2nd largest Dutch university.

They use OATH-HOTP for everything, since january 2021. If you support it, you have 37,000 additional potential users (30,000 students, 7000 employees).

I am amazed that a UNI in 2021 will introduce this old, unsecure standard. yubico: What are the drawbacks of HOTP?
TOTP, U2F and especially WebAuthn (FIDO2) is the way to go 2021.

And of course sk-ssh-ed25519 for terminal login. Longingly awaiting Debian Bullseye release to upgrade my servers.

If that is true, that is indeed remarkable. Thanks for the link.

No, it would only require some minor changes to the firmware and the OnlyKey apps.

Do you have any ETA for the OATH-HOTP support?

We do not plan to support as OATH-HOTP is not recommended for security reasons.

@t11 I see your point but many platforms support HTOP and not requiring a clock it could work also on computers without the OnlyKey app.
Moreover many competitors support it, i.e. the YubiKey 5 Nano FIPS that is FIPS 140-2 validated (Yubico YubiKey 5 Nano FIPS | NIST Validated Security Key | USB-A).
You product is powerful and I could contribute to your open source project to add this feature, WDYT?

If you would like to contribute this feature to the firmware we may be able to add this feature to the firmware and configuration via the OnlyKey CLI. It would require additional changes to add to the OnlyKey App.