How to use OTP for logging in and pushing code

Introduction

One time passwords, or OTP, is a password that is generated on some period (at srchub it's every 30 seconds). With OTP the accepted scheme is that it's something you know (a regular password) with something you have (a OTP generator).

Google has been using it for years with their google accounts.

Activating

To activate simply login to your account, edit your profile and there should be a field called "Add OTP Key". If you don't already have a premade key - click on generate that will create a random one for you.

After you click on generate you should see a QR code that you can scan with Google Authenticator - or any other OTP generator such as this one.

Be sure to save your profile after you generate the key!

Misc

If you have a OTP key - you will be required to enter your OTP on every push with Subversion and Mercurial. Also if you plan on browsing the raw repos and if you have a private repo you will be required to re-enter your credentials every 30 seconds.

Your password is in the form:

{OTP}{old login password}

ie

123456password

Supported Services

OTP key only works with Subversion and Mercurial.

OTP key does not work with git because it uses SSH/SSH keys to push code. The public key infrastructure that SSH uses is considered safe enough simply because it would in theory take years to go through all permutations of a possibly key. I can't think of any sane way to integrate OTP with SSH keys.