Two-factor authentication is a security measure that requires you to provide two pieces of information, such as your username and password, in order to access your account. This can help protect your account from unauthorized access, and can also help prevent identity theft. To use two-factor authentication on the Commodore 64, you first need to create an account on the Commodore 64 website. Then, you need to set up a new two-factor authentication code. The code will be sent to your email address when you create an account on the website. Once you have set up your code, you can use it to log in to your account on the Commodore 64 website. You will need to provide both of your username and password in order to log in. If someone tries to login with one of those credentials without providing the other piece of information, they will be denied access. Two-factor authentication is a great way to protect yourself from identity theft and other online threats. It is easy to set up and can help keep you safe online.


Cameron Kaiser, perhaps best known as the software developer for the Classilla and TenFourFox web browsers, has released a new program for the Commodore 64 that turns it into a two-factor authenticator app. TOTP-C64 can generate real-time codes that should be compatible with any service that supports app-based 2FA, like Google, Facebook, Discord, Mastodon, and others.

RELATED: The Best-Selling PC of All Time: Commodore 64 Turns 40

Kaiser wrote in a blog post about the project, “Some of you are asking already if this idea is totally nuts or just mostly. But consider: the C64 has a very small attack surface and it can be made completely airgapped. Keys can be entered manually, or stored as binary files which you have to know the file, offset and length to correctly use (unless you make the entire file the key). Heck, you have to even know what disk (or cassette tape?) it’s on. Plus, anything fun is always a satisfactory justification!”

The blog post goes into detail about the work required, which involved creating an SHA-1 hash function that could run on the limited 6502 processor, and finding a way to track the current time without a built-in hardware clock. The result is an impressive feat of software engineering, and can generate 2FA codes as well as an authenticator app on a phone or modern computer, unless the key is longer than 64 bytes.

You can check out the code on GitHub at the source link below, and there’s also a pre-compiled version that can be run directly on a Commodore 64 or emulator.

Source: Old Vintage Computing Research, GitHub