Transferring TOTP QR Codes in Environments Where Smartphone Cameras Are Prohibited

변규홍 / combacsa @combacsa@hackers.pub

Situation

  • You must register TOTP as a two-factor authentication method.
  • The screen only displays a TOTP registration QR code with no alternatives.
    • It only instructs you to register the TOTP QR code and then enter a 6-digit number.
  • For security reasons, smartphones and other cameras cannot be used.
  • Unfortunately, you don't have the ability to decode QR codes by sight.
  • You cannot proceed with any further tasks without registering TOTP.
  • The PC displaying the screen runs Windows, and file exports are prohibited.
  • You can install programs if there are no specific security concerns.
  • Python is available, and you can install Python packages.
  • You can capture the screen (screenshot) and save it as an image file.

How can you complete the TOTP registration in this situation?

Additional Information

  • The screen appears to be created using Keycloak.
  • It likely follows standard TOTP settings (SHA-1, 30 seconds, 6 digits).

Solution

  • Install a Python QR code reader package (qreader) and its dependencies.
  • Write a few lines of Python that decode the QR code in the captured screenshot.
    • The decoded payload is an otpauth://totp/... URI. The base32 value of its secret= parameter is the key, and any algorithm=, digits= or period= parameters tell you whether the realm deviates from the defaults.
    • At minimum, you can now copy the decoded URI into a text editor like Notepad.
  • Install KeePassXC and create a suitable database.
  • Add a new entry to the KeePass database and set up TOTP on it.
    • Paste the RFC 6238 secret key (the secret= value) decoded from the QR code.
  • Verify that KeePassXC generates a 6-digit TOTP code, enter it, and confirm that the registration is accepted.
  • The screenshot and any pasted text both contain the long-term secret; delete them once the entry is safely in the database.
  • Success!

Follow-up Actions

  • You can later enter the same secret key into the Google Authenticator app by hand.
    • It's much easier to read an alphanumeric secret key in a text editor than to decode a QR code by sight.

Remaining Questions

  • Was there an easier method?
    • Would PyOTP alone have been sufficient without using KeePassXC?
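The following is an added example for this article, not the author's code. It covers the decode-and-register steps of the Solution above and the last question: once the otpauth:// URI is out of the QR code, the 6-digit code itself only needs the Python standard library (hmac, hashlib, base64), so PyOTP and KeePassXC are conveniences rather than requirements. The QR decode step uses qreader, the package the article names; the call shape QReader().detect_and_decode(image=...) and the OpenCV image loading are assumptions about that library's API, and the function imports it lazily so everything else runs without it. SAMPLE_URI is a constructed URI in the shape Keycloak emits, with the well-known test secret JBSWY3DPEHPK3PXP, not a real account.

```python
"""Decode a Keycloak-style TOTP enrolment QR code and generate the 6-digit
code with the standard library only (RFC 4226 HOTP / RFC 6238 TOTP).

Added example for this article; not code from the original post.
"""
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample in the shape Keycloak emits. The secret is the well-known
# base32 encoding of b"Hello!\xde\xad\xbe\xef", not a real account.
SAMPLE_URI = (
    "otpauth://totp/Keycloak%3Auser%40example.com"
    "?secret=JBSWY3DPEHPK3PXP&digits=6&algorithm=SHA1"
    "&issuer=Keycloak&period=30"
)


def read_qr_from_screenshot(path: str) -> str:
    """Decode the QR code in a screenshot with qreader (the package the article
    uses). Assumed API: QReader().detect_and_decode(image=<RGB ndarray>).
    Imported lazily so the rest of this module works without OpenCV."""
    import cv2  # qreader works on numpy images; cv2 is one of its dependencies
    from qreader import QReader

    img = cv2.cvtColor(cv2.imread(path), cv2.COLOR_BGR2RGB)
    result = QReader().detect_and_decode(image=img)
    # qreader >= 3 returns a tuple (one entry per QR found); older versions a str
    if isinstance(result, tuple):
        result = next((r for r in result if r), None)
    if not result:
        raise ValueError("no decodable QR code in %s" % path)
    return result


def parse_otpauth(uri: str) -> dict:
    """Parse an otpauth://totp/ URI. Parameters present in the URI override
    the (SHA1, 6 digits, 30 s) defaults, so a realm whose OTP policy deviates
    from the defaults is computed correctly instead of silently miscomputed."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc.lower() != "totp":
        raise ValueError("not a TOTP otpauth URI: %r" % uri[:40])
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    secret = q["secret"].strip().replace(" ", "").upper()
    secret += "=" * (-len(secret) % 8)  # tolerate omitted base32 padding
    return {
        "label": unquote(u.path.lstrip("/")),
        "issuer": q.get("issuer"),
        "secret": base64.b32decode(secret),
        "algorithm": q.get("algorithm", "SHA1").upper(),
        "digits": int(q.get("digits", 6)),
        "period": int(q.get("period", 30)),
    }


def hotp(key: bytes, counter: int, digits: int = 6, algorithm: str = "SHA1") -> str:
    """RFC 4226: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    digest = hmac.new(key, struct.pack(">Q", counter), algorithm.lower()).digest()
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, at_time=None, period: int = 30, digits: int = 6,
         algorithm: str = "SHA1") -> str:
    """RFC 6238: HOTP with counter = floor(unix_time / period)."""
    if at_time is None:
        at_time = time.time()
    return hotp(key, int(at_time) // period, digits, algorithm)


def code_from_uri(uri: str, at_time=None) -> str:
    """The code a Keycloak login would expect for this URI at the given time."""
    p = parse_otpauth(uri)
    return totp(p["secret"], at_time, p["period"], p["digits"], p["algorithm"])


if __name__ == "__main__":
    import sys
    # python totp_from_qr.py screenshot.png   (or no argument for the sample URI)
    uri = read_qr_from_screenshot(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_URI
    p = parse_otpauth(uri)
    print("account :", p["label"])
    # Base32 without padding is what KeePassXC and Google Authenticator accept.
    print("secret  :", base64.b32encode(p["secret"]).decode().rstrip("="))
    print("current :", code_from_uri(uri))
```

The printed secret is what goes into the KeePassXC entry; the printed code should match what KeePassXC then displays, which is a quick cross-check before the registration attempt. Because hotp() and totp() honour the algorithm, digits and period from the URI, the same script also works if the Keycloak realm's OTP policy is not the SHA-1/6-digit/30-second default.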

If you have a fediverse account, you can comment on this article from your own instance. Search https://hackers.pub/ap/articles/01974e1f-d7d6-75cf-ba82-27bacabe9869 on your instance and reply to it.