Picoth two-factor authentication device

By Rosemary Hattersley. Posted

With a self-described “young and curious mind”, maker Angainor is a veteran of Raspberry Pi projects ranging from routers and home automation to retro gaming and time-lapse photography. There are “so many projects out there, you just want to buy 50 Raspberry Pi [boards] and build them all,” he enthuses. Rattling off his list of previous builds, he declares, “I’m bound to have forgotten some of them.” When Raspberry Pi announced Pico, its new microcontroller, he knew the time had come to create Picoth, a tiny security device he’d use all the time.

Simple security

Picoth is a “small USB keypad with RGB buttons and a nice colour TFT screen. Just plug it in and you get a powerful authentication assistant that will type in your 2FA (two-factor authentication) codes for you. You can store up to ten codes per page, with any number of pages you need,” making it ideal for online banking, GitHub, Twitter, and messaging platforms. Rather than having to unlock the phone, open the authenticator app, scroll to find the code, then type it in within a few seconds, Angainor says Picoth is set up with one touch to display the code with its label and one touch to auto-type it. Furthermore, the screen displays the remaining time, since 2FA codes change every 30 seconds.

This compact project has few components and costs a modest 40 euros

“This first goal of the project was to have something I feel the need for every single day: a small and trustable device that can keep my various 2FA authentications safe and always at hand,” says Angainor of why he created Picoth. Raspberry Pi Pico “handles the hardware - a 4×4 matrix keypad and its 16 RGB LEDs, the 240×135 TFT colour screen, and a clock module – as well as all the software: code generation, USB_HID emulation, and animations”.

With experience using Python on other microcontrollers, Angainor jumped at the chance to do the same with a Raspberry Pi one. “I just love Python’s expressiveness and compactness, and it’s so seamless to prototype with.” He likes Pico because it boots in a couple of seconds, is very affordable, and hardware vendors had extensions and packs available as soon as Pico went on sale. He chose Pimoroni’s “intelligent” multifunction Keypad Base, having tried to create a similar device using the firm’s Keybow.

Tricky code words

For Picoth, he says the “fun thing was parsing the official documents to check the flexible GPIO features, and what pins could be routed to I2C and SPI ports.” Having connected Pico to the display and keypad, he set about coding using MicroPython and Pimoroni libraries. He compiled everything himself as the Pimoroni firmware lacked the SHA-256 and SHA-1 he needed, editing the display library code since the pins were hard-coded. He got his device to work but hit a snag (see magpi.cc/harshdecision) relating to the USB input devices. It meant the device couldn’t type the code itself. “While usable, this was a serious drawback” and prompted a move to CircuitPython which is slower but has built-in USB-HID support.

Can you spot Pico?

The change meant “significant changes and added constraints” to his plans. Getting the keypad and display to work together was perhaps the biggest hurdle in the project but, as ever, the Raspberry Pi community came up trumps: “an awesome library by Sandy Macdonald, targeting a keybow2040, that was a perfect fit for the keypad,” says Angainor. He also notes that Raspberry Pi and Python’s ecosystems were what made the project possible at all, turning things into a matter of deciding how to assemble the parts. “There were some hacks needed because some items were not to be used that way, but that’s part of the fun.”

From The MagPi store