[jdc] The following code generates a time-based one-time password (TOTP) for use with Google's 2-step verification.
You'll need to pass in your secret key. After enabling 2-step verification, you can obtain this key by going to the ''Google Authenticator'' for ''BlackBerry''.

A warning, as included with the Google authenticator source code:

 You should never store, process or otherwise access the secret key
 on the same machine that you use for accessing your account. Doing
 so completely defeats the security of two-step verification.

======
package require sha1
package require base32

# Given a secret key, return a time-base one-time password (TOTP).
# Based on google-authenticator.c from http://code.google.com/p/google-authenticator/
proc totp {key} {
    set SHA1_DIGEST_LENGTH 20
    set VERIFICATION_CODE_MODULUS 1000000
    set challenge [binary format W [expr {[clock seconds]/30}]]
    set secret [base32::decode $key]
    binary scan [sha1::hmac -bin -key $secret $challenge] c* hash
    set offset [expr {[lindex $hash end] & 0xF}]
    set totp 0
    for {set i 0} {$i < 4} {incr i; incr offset} {
        set totp [expr {($totp << 8) | ([lindex $hash $offset] & 0xff)}]
    }
    return [expr {($totp & 0x7FFFFFFF) % $VERIFICATION_CODE_MODULUS}]
}
======