Contact

Subscribe via Email

Subscribe via RSS

Categories

Creative Commons Attribution 4.0 International License
© Rakhesh Sasidharan

Extract secret keys from Two-Factor Authentication (TFA) QR codes

Got me Pebble Time yesterday! Yay. Found a cool app for Two-Factor Authentication codes called QuickAuth (it’s open source too, amazing!). 

The app requires you to enter the secret keys for your Two-Factor Authentication sites. Unfortunately I never saved these when I set up TFA on my devices. I was smart enough to save the QR code for each site and this way I was always able to add new devices by just scanning the saved QR code, but now I had to enter the secret key and I was stuck. 

Enter another open source project Zebra Crossing (zxing). This is a library for processing QR codes and they have an Android app called Barcode Scanner. Get this app, scan the QR code, and you get an output that starts with otp://. That’s the secret key you want. Enter this into QuickAuth. 

If you don’t want to download the app there’s also an online interface to upload a QR code and decode. Nice!

p.s. In case it helps anyone – on the face of it there seems to be no easy way to delete a key/ site once you enter it into QuickAuth. Later I realized if I long press the select button on the pebble when it shows a code I get many options. One of these lets you delete the key/ site. 

Reset your self-hosted WordPress password or disable Google Authenticator via phpMyAdmin

No posts for a long time since I am between countries. I got posted to a different branch of the firm I work with, so the past few weeks I have been busy relocating and setting up. Since the last week of March I am now in Dubai. A new place, a fresh start, yaay! Sadly, no blog posts so far as I don’t have time at work or after it. Hopefully that gets rectified soon as things start settling down. 

Today I tried logging in to this blog and it wouldn’t let me. Kept denying access because the username/ password/ Google Authenticator code was incorrect. I know the first two have to be correct because I save them using LastPass so there’s no way I could have forgotten. The last one too has to be correct because it’s automatically generated after all, but who knows, maybe the plugin’s disabled or broken in the past few weeks?

Since this is a self-hosted blog I the idea to use phpMyAdmin and look at the WordPress database. Perhaps I can reset my password from there or disable Google Authenticator? Turns out that’s easy to do. 

Step 1: Login to cPanel of your hosting provider and launch phpMyAdmin. 

Step 2: Click the Databases tab and select your database. 

Step 3: Go over to the wp_usermeta or wp_users table. The former is for Google Authenticator. The latter for password. The latter has a row for each user. Click the Edit link for the user you want, go to the user_pass field, and enter an MD5 hash of the password you want. (If you use DuckDuckGo you can simply type the word followed by md5 and it will give you the MD5 hash! Else try this link). 

In my case I didn’t mess with the password. I suspected Google Authenticator & simply wanted to disable that. So the first table was what I went after. This table has multiple rows. All user meta data belonging to a particular user will have the same user_id. Find the user you are interested in, note the user_id, then find the key called googleauthenticator_enabled.  If Google Authenticator is enabled for the user this will say enabled; change it to disabled and you are done. 

That’s all for now!