Securing your digital life with two-factor authentication (2FA) is pretty common nowadays. A password alone just doesn’t hack it. (Or does it?) Typically, 2FA on the web requires a one-time code, sent to your phone, as well as your password to log in. Other systems may use factors such as biometrics (e.g. fingerprints) or hardware dongles. (My own bank requires me to use a silly little (very losable) card reader every time I want to transfer a fiver.)
Thinking inside the box
Pablo Carranza Vélez decided to apply the principle of 2FA to a physical object: a Raspberry Pi-controlled safe deposit box. To get into the box you need both your personal entry code and the code sent to your phone. Entering both then triggers a solenoid to unlock the box.
Lots of cool stuff going on
The box uses resin.io and the Authy API. Full details, schematics and code can be found on Pablo’s hackster.io page. It’s a simple concept but there’s lots going on in terms of hardware and software—Authy, resin.io, MongoDB, node.js, Bootstrap, breadboard circuits, solenoids—to make a great project and an interesting proof of concept. It’s also an excellent introduction to the contemporary technologies used and there’s even some computer science with a nod to state machines.
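To make the state machine idea concrete, here is an added sketch in node.js-style JavaScript of the unlock flow described above; it is not Pablo's code. The state names, `SafeBox`, `verifyOtp` and `setSolenoid` are hypothetical, the one-time-code check is a synchronous stand-in for the call to the provider, and the failure lockout and code expiry are assumptions that go beyond what the post describes.

```javascript
// Added example: all names here are assumptions, not taken from the project.
const State = Object.freeze({ LOCKED: 'LOCKED', AWAITING_OTP: 'AWAITING_OTP', UNLOCKED: 'UNLOCKED' });

// Compare two strings without returning early at the first mismatch.
function safeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  return diff === 0;
}

class SafeBox {
  constructor({ pin, verifyOtp, setSolenoid, maxFailures = 3, otpWindowMs = 60000 }) {
    Object.assign(this, { pin, verifyOtp, setSolenoid, maxFailures, otpWindowMs });
    this.state = State.LOCKED;
    this.failures = 0;
    this.otpDeadline = 0;
  }
  fail() {
    this.failures += 1;
    this.state = State.LOCKED; // any failure drops back to the first factor
    return this.state;
  }
  // First factor: the personal entry code typed at the box.
  submitPin(code, now = Date.now()) {
    // After maxFailures the box stays locked until reset out of band.
    if (this.state !== State.LOCKED || this.failures >= this.maxFailures) return this.state;
    if (!safeEqual(String(code), this.pin)) return this.fail();
    this.state = State.AWAITING_OTP;
    this.otpDeadline = now + this.otpWindowMs;
    return this.state;
  }
  // Second factor: the code sent to the phone, only accepted after the PIN.
  submitOtp(code, now = Date.now()) {
    if (this.state !== State.AWAITING_OTP) return this.state; // a phone code alone never unlocks
    if (now > this.otpDeadline || !this.verifyOtp(String(code))) return this.fail();
    this.failures = 0;
    this.state = State.UNLOCKED;
    this.setSolenoid(true); // energise the solenoid to release the latch
    return this.state;
  }
  lock() {
    this.setSolenoid(false);
    this.state = State.LOCKED;
    return this.state;
  }
}
```

The solenoid is driven from exactly one transition, so the only way to reach it is a correct entry code followed by a valid, unexpired phone code.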
A pre-emptive note thing
“Just hold on this minute!” shouts a completely imaginary concerned reader. “You could (literally) brute force it with a sledgehammer / hack it with a giant Wile E. Coyote magnet / steal the building it was attached to / drill a hole in it and send in a tiny monkey to feebly tug at the solenoid.” Well yes, you could. To all of them.
Our advice is: do not make one of these to store your ultra-rare U2 Panini stickers in as they might get nicked (my brother swears to this day that it wasn’t him who drew NHS specs on Bono in red biro). The 2FA safe box is a thought-provoking Raspberry Pi / IoT project, not the Old Lady of Threadneedle Street, lawks! (I’ve always wanted to write that, it’s a cracking name :))