There is no shortage of OTP 2FA apps availiable for your phone, such as Google Authenticator or Duo Mobile . These apps take an initial secret code, and create a TOTP anytime you need a 2FA code for login. It's also possible to do 2FA on the CLI. Some advantages:

Easy to add, maintain, and backup with a simple key=val text file Copy/Paste is easier than typing digits displayed on your phone No issues with being locked out due to dead/lost/new phones

This is accomplised with a utility named oathtool . It can be installed on Debian/Ubuntu via: apt install oathtool . I use a helper script as well as a file of initial secrets.

/usr/local/bin/otp :

#!/usr/bin/env bash if [ -z $1 ]; then echo echo "Usage:" echo " otp google" echo echo "Configuration: $HOME/.otpkeys" echo "Format: name=key" exit fi OTPKEY="$(sed -n "s/${1}=//p" $HOME/.otpkeys)" if [ -z "$OTPKEY" ]; then echo "$(basename $0): Bad Service Name '$1'" $0 exit fi oathtool --totp -b "$OTPKEY"

~/.otpkeys :

aws={secret code} google={secret code}

Getting a 2FA code: