Two-factor authentication is a security measure that requires you to provide two pieces of information, such as your username and password, in order to access your account. This can help protect your account from unauthorized access, and can also help prevent identity theft. To use two-factor authentication on the Commodore 64, you first need to create a new account on the computer. Then, you need to set up a new two-factor authentication code. To do this, you’ll need to find and enter the code into the computer’s main screen. After you’ve entered the code, you’ll need to click on the “save” button. Once you’ve saved your two-factor authentication code, you can use it when logging in to your account on the Commodore 64. You’ll also need to enter it when trying to sign in for the first time or when changing your password.
Cameron Kaiser, perhaps best known as the software developer for the Classilla and TenFourFox web browsers, has released a new program for the Commodore 64 that turns it into a two-factor authenticator app. TOTP-C64 can generate real-time codes that should be compatible with any service that supports app-based 2FA, like Google, Facebook, Discord, Mastodon, and others.
RELATED: The Best-Selling PC of All Time: Commodore 64 Turns 40
Kaiser wrote in a blog post about the project, “Some of you are asking already if this idea is totally nuts or just mostly. But consider: the C64 has a very small attack surface and it can be made completely airgapped. Keys can be entered manually, or stored as binary files which you have to know the file, offset and length to correctly use (unless you make the entire file the key). Heck, you have to even know what disk (or cassette tape?) it’s on. Plus, anything fun is always a satisfactory justification!”
The blog post goes into detail about the work required, which involved creating an SHA-1 hash function that could run on the limited 6502 processor, and finding a way to track the current time without a built-in hardware clock. The result is an impressive feat of software engineering, and can generate 2FA codes as well as an authenticator app on a phone or modern computer, unless the key is longer than 64 bytes.
You can check out the code on GitHub at the source link below, and there’s also a pre-compiled version that can be run directly on a Commodore 64 or emulator.
Source: Old Vintage Computing Research, GitHub