Secalot acts as a hardware one-time password generator. Using OTPs you can securely log in to websites and secure applications like password managers.
Secalot supports two one-time password generation mechanisms: HOTP, where a one-time password is generated from a secret and a counter stored inside the device, and TOTP, where one-time passwords are generated from a secret and the current time.
TOTP is mostly used on websites; HOTP is mostly used in software applications.
Secalot is compatible with the Google Authenticator app, so all websites that support Google Authenticator also support Secalot.
To set up a device for OTP operation, use the Secalot control panel GUI or the command line applications.
Once OTP functionality is set up, pressing the two touch buttons on top of the device simultaneously will type in the current one-time password as if Secalot were a keyboard.
As an example, let’s configure Secalot to work as an OTP provider for the KeePass password manager.
Install KeePass and the OtpKeyProv plugin
After installing KeePass, download the OtpKeyProv plugin from KeePass’s official site, copy it into the KeePass installation directory and unzip it there.
Open the Secalot control panel and navigate to the “OTP Configuration” tab. Under “OTP type”, select “HOTP” and set the number of digits to 8, since the more digits are used, the more secure the one-time passwords are. Generate a new key in “Base32” format. The default key length is fine. Click on the “Set” button. Secalot is ready for action.
Copy your new key value somewhere so that it can be entered in KeePass later. It is also a good idea to save it in a secure place in case you lose or break your device.
Create a password database
In KeePass click on the “New” icon and choose where to save your new password database.
When the “Create Composite Master Key” window appears, enter your new master password, select the “Key file/provider” checkbox and select “One-time Passwords (OATH HOTP)”. Click OK.
In the new window, make sure that the length of the one-time password is set to 8. Under “Secret key”, select “Base32” and paste the key value you saved in the previous step, removing all the spaces. Set the “Look-ahead count” to a non-zero value, for example 10, so that opening the database still works if you accidentally press the touch buttons and generate an OTP outside of KeePass. Set the number of OTPs required to open the database to 3. Click OK.
On the next screen click OK to accept default settings. Your password database is created.
Log in to your password database using OTPs
To try out opening the database with Secalot, click on the “Lock Workspace” button. The password entry window should appear. Enter your password and click OK. Now the OTP entry screen will appear.
Press the two touch buttons on top of the Secalot device simultaneously three times in a row to generate three OTPs. Once you have generated all three passwords, KeePass will automatically log in to your password database.
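To show how the settings chosen above interact (8 digits, Base32 key, look-ahead count, three consecutive OTPs), here is an added example of a generic RFC 4226 HOTP check; it is not code from Secalot or OtpKeyProv and does not reproduce how the plugin protects the database key. The function names and the sample key (the public RFC 4226 test key) are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct

# Public RFC 4226 test key ("12345678901234567890") in Base32, grouped with
# spaces the way a key might be displayed. Sample value only, not a real key.
RFC_TEST_SECRET = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"


def hotp(secret_b32, counter, digits=8):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore stripped Base32 padding
    key = base64.b32decode(cleaned)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_run(secret_b32, stored_counter, otps, look_ahead=10, digits=8):
    """Accept `otps` only if they are consecutive HOTP values whose first
    counter lies within `look_ahead` of `stored_counter`.
    Returns the next counter to store, or None on failure."""
    for start in range(stored_counter, stored_counter + look_ahead + 1):
        expected = [hotp(secret_b32, start + i, digits) for i in range(len(otps))]
        # Compare every position (no short-circuit), each in constant time.
        matches = [hmac.compare_digest(e, o) for e, o in zip(expected, otps)]
        if all(matches):
            return start + len(otps)
    return None


if __name__ == "__main__":
    # The verifier last stored counter 0; the device was pressed twice by
    # accident, so its next three codes come from counters 2, 3 and 4.
    typed = [hotp(RFC_TEST_SECRET, c) for c in (2, 3, 4)]
    print(typed, "->", verify_run(RFC_TEST_SECRET, 0, typed))
    # With no look-ahead the same codes are rejected.
    print(verify_run(RFC_TEST_SECRET, 0, typed, look_ahead=0))
```

A larger look-ahead tolerates more accidental button presses but also widens the set of counters an entered sequence can match, which is why requiring several consecutive OTPs is paired with it.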