2023-08-06 TOTP 2fa for E*Trade with FreeOTP

E*Trade has an option for two factor authentication using the Symantec VIP Access mobile app. However, I want to use FreeOTP, which can manage all my TOTP tokens. See this for details on the reverse engineering of the Symantec provisioning protocol. So, starting with a recent Fedora Linux box, running as root, we can:

dnf install qrencode
git clone https://github.com/dlenski/python-vipaccess.git
cd python-vipaccess
pip install .
which vipaccess

Then, as a normal user:

vipaccess provision -t SYMZ
sec=$(grep secret ~/.vipaccess | awk '{print $2}')
id=$(grep id ~/.vipaccess | awk '{print $2}')
qrencode -o- -d 300 -s 10 "otpauth://totp/etrade-$id?secret=$sec" | display

As of 2023-08-06 E*Trade seems to require provisioning type SYMZ. They formerly required type VSMT.

FreeOTP should be able to read that QR code via your phone camera. Now login to E*Trade, "Security Settings", "Manage two-factor authentication", "Add authenticator". You will enter the ID of the credential generated above, and also the current six digit token generated by FreeOTP. If everything works, E*Trade will accept the settings and connect your account to the generated Symantec ID. Logoff, and on your next login, supply your normal username. In the password field, enter your normal password followed by the current six digit token from FreeOTP.

According to this, E*Trade has a 32 character limit on the password length. So you must make sure your current E*trade password is not longer than 26 characters before starting this procedure. Otherwise, the password plus 6 digit code is longer than 32 characters, and the login will fail.