My use case is this. I have several business accounts (Heroku, Cloudinary, etc) that I like to enable 2FA on but which only support TOTP. I usually add those accounts to my Google Authenticator App and all is fine.
Except when I lose/wipe my phone, which happened recently. Then I have to go around resetting the 2FA setting, then re-enabling it with the new phone.
After a quick search, I found almost no solutions that fit this. Except something like [0]. I would love to buy let's say, 2 of those for each account I want to enable 2FA on, I keep one in the safe and the other one for regular use.
So then I remembered about SC4 and thought that if I can do TOTP on it, I can just buy 2 and put all my seeds there (or so I was thinking) and use that instead of the phone.
That was my reasoning. Maybe I'm doing something wrong here, but I would love to be able to de-couple 2FA from my phone for my business accounts... I guess it's not a common use case?
Adding a RTC to the hardware is probably not viable. It would increase the cost too much. (If I were selling millions of units that would be different, but that hasn't happened yet.)
Another possible solution is to lobby the sites you care about to implement U2F. It's not particularly difficult. I wrote some minimalist reference code that you/they can find here:
https://github.com/rongarret/u2f-test/
And of course you can always point them in my direction if they want to hire a consultant :-)
date > /dev/cu.usbmodem*
and the OTP would appear on the HSM display. Would that work for you?
Just an idea, is there any USB device class that could be used to get the date and time? such that if you configure the SC4 to work with TOTP, when you plug it in a USB driver is installed that allows it to query the date and time?
