Two factor authentication safe deposit box

github 2fa dialog

A skilled hacker attempts to crack 2FA

Securing your digital life with two-factor authentication (2FA) is pretty common nowadays. A password alone just doesn’t hack it. (Or does it?) Typically, 2FA on the web requires a one-time code, sent to your phone, as well as your password to log in. Other systems may use factors such as biometrics (e.g. fingerprints) or hardware dongles. (My own bank requires me to use a silly little (very losable) card reader every time I want to transfer a fiver.)

Safety deposit box with two-factor authentication


Thinking inside the box

Pablo Carranza Vélez decided to apply the principle of 2FA to a physical object, a Raspberry Pi controlled safe deposit box. To get into the box you need both your personal entry code and the code sent to your phone. This then triggers a solenoid to unlock the box.

Lots of cool stuff going on

The box uses resin.io and the Authy API. Full details, schematics and code can be found on Pablo’s hackster.io page. It’s a simple concept but there’s lots going on in terms of hardware and software—Authy, resin.io, MongoDB, node.js, Bootstrap, breadboard circuits, solenoids—to make a great project and an interesting proof of concept. It’s also an excellent introduction to the contemporary technologies used and there’s even some computer science with a nod to state machines.
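To make the state-machine idea concrete, here is a small node.js sketch of a two-step unlock flow, added as an illustration and not taken from Pablo’s project. The class name `SafeBox`, the `verifyToken` and `unlock` callbacks (stand-ins for the phone-code check and the solenoid driver), the lockout threshold and the time window are all assumptions.

```javascript
// Added illustration: a two-factor lock as a state machine (not the project's code).
const crypto = require('crypto');

const MAX_FAILURES = 3;         // assumed lockout threshold
const TOKEN_WINDOW_MS = 60000;  // assumed time allowed for the phone-code step

// Compare digests in constant time so the check does not leak how much matched.
function safeEqual(a, b) {
  const ha = crypto.createHash('sha256').update(String(a)).digest();
  const hb = crypto.createHash('sha256').update(String(b)).digest();
  return crypto.timingSafeEqual(ha, hb);
}

class SafeBox {
  // verifyToken: hypothetical callback standing in for the phone-code check
  // unlock: hypothetical callback that would energise the solenoid
  constructor({ pin, verifyToken, unlock, now = Date.now }) {
    Object.assign(this, { pin, verifyToken, unlock, now });
    this.state = 'LOCKED';
    this.failures = 0;
    this.deadline = 0;
  }
  fail() {
    // Any failed factor drops back to LOCKED; repeated failures lock out entirely.
    this.failures += 1;
    this.state = this.failures >= MAX_FAILURES ? 'LOCKED_OUT' : 'LOCKED';
    return this.state;
  }
  enterPin(pin) {
    if (this.state !== 'LOCKED') return this.state; // ignore out-of-order input
    if (!safeEqual(pin, this.pin)) return this.fail();
    this.state = 'AWAITING_TOKEN';
    this.deadline = this.now() + TOKEN_WINDOW_MS;
    return this.state;
  }
  enterToken(token) {
    if (this.state !== 'AWAITING_TOKEN') return this.state; // PIN must come first
    if (this.now() > this.deadline || !this.verifyToken(token)) return this.fail();
    this.failures = 0;
    this.state = 'UNLOCKED';
    this.unlock();
    return this.state;
  }
  relock() {
    if (this.state === 'UNLOCKED') this.state = 'LOCKED';
    return this.state;
  }
}
```

The solenoid callback fires on only one transition, `AWAITING_TOKEN` to `UNLOCKED`, so neither factor alone can reach it, and a phone code entered before the PIN is ignored.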

Opening the resin safebox from Pablo Carranza Vélez on Vimeo.

A pre-emptive note thing

“Just hold on this minute!” shouts a completely imaginary concerned reader. “You could (literally) brute force it with a sledgehammer / hack it with a giant Wile E. Coyote magnet / steal the building it was attached to / drill a hole in it and send in a tiny monkey to feebly tug at the solenoid.” Well yes, you could. To all of them.

Our advice is: do not make one of these to store your ultra-rare U2 Panini stickers in as they might get nicked (my brother swears to this day that it wasn’t him who drew NHS specs on Bono in red biro). The 2FA safe box is a thought-provoking Raspberry Pi / IoT project, not the Old Lady of Threadneedle Street, lawks! (I’ve always wanted to write that, it’s a cracking name :))

Solenoid control breadboard prototype
