Here's a way for forum users to use the $totp identifier to take advantage of the "Two-step verification" offered by Undernet for logging into "X", which you can see mentioned in the "My Information" tab when logged into your account at the Undernet website.

This would give you a secret key which you can use to enable more secure logins, and seems to be their compensation for not having SSL connections. This means that when logging in, you would need to give both your text password and also a 6-digit number that changes every 30 seconds. Even if someone knows your password is 'hunter2', they'd still need to have access to the TOTP key that's used to create this 6-digit number.

The 6 digit number is created by combining the TOTP key with the current time - and is the number belonging to a 30-seconds interval that happens on average once per 350 days. Someone who has seen the 6-digit numbers associated with past logins would not be helped in determining the 6-digit number that will work 5 minutes from now, or tomorrow, except by knowing which of the 2^160 possible random keys don't work to generate those digits at those times, and that's not really any effective help.

The problem with the default method that Undernet shows you how to use TOTP - is that it needs you to scan a QR code into your phone, which you would then need to fish out each time you need to use it after getting disconnected.

Instead of using the phone method, you can use mIRC's built-in $totp identifier to send the 6 digit number code, as long as you DELETE the 7 formatting spaces from the secret key Undernet gives you, which this script removes for you. If you've tried and failed to make this work with the $totp identifier in the past, the issue of the space-characters is probably the reason.

A few things to be aware of when deciding if you want to enable TOTP at Undernet:

1. This 6 digit number, in addition to your Undernet account password, is required each time you need to login to your account. This means both after connecting/disconnect/reconnecting to their IRC server, and also when logging into your account at their website. While you can still connect to the IRC server if the code is wrong, X won't login you into the privileges of your IRC account, and you can't get back into the website without using your email address to reset.

2. Since this uses the current time when creating the code, you'll need to make sure your computer's clock doesn't drift too far away from the 'correct time', or else the 'stale' 6-digit number will be rejected.

2a. Though actually, they seem to give you a grace-period window of time, so if they're allowing you to use the number belonging to the 30 second window on either side of the correct time window, there would be 3 codes that could've worked, not just 1. And that means your random 999999 would work once per 4 months instead of once per year. And it would be for a whole 90 seconds.

3. If you lose your TOTP key in a disk fail, you'll need to use your email address to get back into your undernet account, or else wait 6 months for it to expire. And would need to edit the script again with the new TOTP key.

After you modify the alias below to include your actual Undernet account + password + your actual TOTP key, the script below does several things:

A. It will automatically give both your Undernet text password and the TOTP 6-digits each time you connect to Undernet, but does nothing when connecting to a different $network

B. It will create a menu item in your status window which can put the current time's 6-digit number into your clipboard, which is handy for login at their website. This new menu item appears only in the status window's menu that belongs to Undernet.

C. In case the login at the server connect failed because your clock had been wrong and you fixed it, the status window menu can also send your password again, rather than making you disconnect to reconnect again, but only if Undernet is the active $network.

D. If you remove the semi-colon from the line containing the MODE command, it will also send the MODE command which changes your hostname to be like @accountname.users.undernet.org instead of showing your @true-host/ip.

* *

Getting your TOTP secret is easy, by following their website instructions. To obtain the TOTP secret as the text string which you can feed to $totp, instead of scanning their QR symbol to your phone, just click on the link "enter your secret key manually."

Inside that link, they show you the secret key, which is a series of 32 letters and numbers divided by spaces into 8 groups of 4. This is your TOTP secret key that will be used to create the 6-digit number they ask for. This is a secret key which you must protect the same as you protect your login password, and is used in addition to your password, not in place of it. This secret key is not actually a random 'text passphrase', but is a random binary key that's been encoded using case-insensitive base32 where "A" and "a" are the same, and where the optional spaces should be ignored.

In the script where you see lines telling you to replace the 3 strings, the 8 groups of 4 characters is the text that you'll paste as the value defined for %TOT_KEY

Once you edit the script to contain the account/password/TOTP_Key then you're in business. If you don't want to use TOTP at all, you can still use the script to give your password-only to the Undernet server, and to change how your address appears in /whois.

If anyone knows of a different public network like this who also uses TOTP, please let me know!

---
Code
ON *:CONNECT:{ TOTP_6digits Login }

alias -l TOTP_6digits {
  if ($network == Undernet) {

    ; replace the strings for the next 3 string with your personal info
    ; share the original script not the one containing your secrets :)
    ; paste the TOTP key from Undernet website as the value for '%TOTP_KEY'

    ; next line is where you put your Undernet Account name
    var %LoginAccountName replace_with_your_Undernet_account_name
    ; next line is where you put your Undernet Account text password
    var %LOGIN_PASS       replace_with_your_Undernet_account_password
    ; next line is where you put your Undernet TOTP key, the 8 groups of 4 alphanumerics they gave you
    var %TOTP_KEY         replace_this_with_TOTP_secret_key

    var %6digits

    ; change the next line if you do NOT wish to use the TOTP feature but still want help password logging in at Undernet!
    var %Use_TOTP = Yes

    if (%Use_TOTP == Yes) {
      var %TOTP_KEY $remove(%TOTP_KEY,$chr(32))
      if ($regex(foo,%TOTP_KEY,^[a-zA-Z2-7]{32}$)) { var %6digits $totp(%TOTP_KEY) }
      else {
        echo -s $chr(22) Fail: TOTP_KEY should be the 8 groups of 4 digits of given as your TOTP key line: $scriptline script: $nopath($script) | return
      }
      if ($1 == DIGITS) return %6digits
    }
    .msg x@channels.undernet.org login %LoginAccountName %LOGIN_PASS %6digits
    ; *** remove the semi-colon from the following line if you WANT your login address shielded as @accountname.users.undernet.org
    ; .mode $me +x
  }
}

menu status,menubar {
  $iif($network == Undernet,Undernet TOTP)
  .TOTP Undernet 6 digits for Current Time to Clipboard: clipboard $TOTP_6digits(Digits)
  .-
  .TOTP Undernet login now : TOTP_6digits Login
}