168

I am using Google Authenticator for 2-step authentication. I like how I can use a code and verify my account using my phone:


I realize that the app was designed to run on a device other than a computer to increase security for the computer (in case that it is lost or stolen), but I would like to know if there is a way I can run Google Authenticator on my Macbook.

Now, per the Google Authenticator Page it will not run on a desktop:

What devices does Google Authenticator work on?

  • Android version 2.1 or later
  • BlackBerry OS 4.5 - 6.0
  • iPhone iOS 3.1.3 or later

However there are several emulators for developers and so I wonder if it is possible to run one of these emulators and then run Google Authenticator with that. I do realize this is not a best practice - but I'm less worried about my laptop getting stolen and more worried about someone just hacking the account.

So my question is this: Is it possible to run it on the desktop, even though it is not meant to be / not recommended?

cwd
  • 18,148
  • nah, kind of defeats the purpose, if you think about it. but if you really want to defeat that purpose, this article explains how http://albertech.blogspot.com/2016/10/run-google-authenticator-from-your.html – jar Oct 18 '16 at 22:45
  • however, as an alternative to GAuth under emulation you could just use oathplus - http://soundly.me/oathplus - it's essentially Google Authenticator for the command-line (I'm the dev). – jar Nov 11 '16 at 04:18
  • By that same logic shouldn’t you avoid accessing all those websites that have enabled 2fa on your mobile (which is generally more likely to get stolen anyway)...? – MmM Jan 06 '19 at 16:15
  • This Firefox addon can also be explored. https://addons.mozilla.org/en-US/firefox/addon/auth-helper/ does this well. – Animesh D Jan 11 '20 at 06:35
  • the main purpose of 2fa is to prevent unauthorized access in case your password gets stolen (usually via phishing or because you use weak password or use the same password for multiple services). It has little to do with preventing access in case any of your physical devices get stolen. Furthermore, mobile phones get stolen waaay more often than desktop computers. Finally both mobile and desktop devices should be encrypted, so even if they are stolen your data is safe. Given these, there's absolutely 0 security related reasons why you shouldn't use your desktop to generate your OTP codes. – morgwai Jun 28 '22 at 14:49
  • Have a look at: https://apps.apple.com/nl/app/g2fa-for-google-authenticator/id6444865161?mt=12 – Siebe Jongebloed Jan 05 '24 at 11:59

22 Answers

130

Install oath-toolkit via brew, generate your keys with:

oathtool --totp -b <your_secret>

To get your secret, use the 'change phone' option in Google. You can get your key by clicking the 'manually enter the key' link.

martin
  • 1,324
  • 1
    Awesome! Only problem now - can't log in when I don't have my laptop. – Jason R. Coombs Sep 01 '16 at 16:08
  • 20
    Copy the secret to a fairly secure file: (umask 0077;pbpaste > ~/.totp_google). Write a shell function to put the TOTP in your clipboard: totp() { oathtool --totp -b $(<~/".totp_${1:-google}") | pbcopy; }. Add other secrets for other services: (umask 0077;pbpaste > ~/.totp_github). Select which token you want from the function: totp github. Profit!!! – kojiro Oct 13 '16 at 00:11
  • 4
    FWIW I wrote a shell wrapper that does @kojiro 's suggestion: https://github.com/poolpog/bash-otp – JDS Nov 02 '16 at 17:24
  • Here's a short shell script that reads the Google Authenticator app's database file and generates a live code for each key, providing you have enough access to your device to copy the file over to your PC. – Malvineous Oct 01 '17 at 09:15
  • 1
    @JasonR.Coombs you should be able to login to both the laptop and your phone with the same secret key. Just did it right now and both generate the same 6 digit passcode. – John Lee Jun 11 '19 at 18:20
  • As a bash novice, I had to look up what the parentheses did in the umask line by @kojiro. It's apparently called a bash subshell. https://www.tldp.org/LDP/abs/html/subshells.html – John Lee Jun 12 '19 at 16:37
  • worked great. "your secret" is also referred to as a token string FWIW...also oath-toolkit is a package installable on other distros as well, FWIW... – rogerdpack Jun 13 '20 at 15:22
  • There is no change phone option in Google authenticator anymore. :( – kenshinji Dec 13 '21 at 15:47
  • on debian based systems (ubuntu, mint etc) you can install oathtool with apt-get install oathtool – morgwai Jun 28 '22 at 14:39
31

There is a self-hostable web app at https://github.com/gbraad/html5-google-authenticator. This is not secure on an internet-facing machine, but you can load this on a completely offline machine and you'd be safe.

Jharwood
  • 449
  • 1
    It looks really good - just makes me nervous b/c I don't easily understand everything that makes it work :) – cwd May 25 '13 at 00:30
  • 4
    Basically, it's using local storage inside your browser to store a secret key; local storage is only accessible from the domain it was written from (someone correct me if I'm wrong). It then uses the current time and the secret key from local storage to compute what the key should be. It's all just JavaScript goodness – Jharwood May 28 '13 at 13:11
  • 1
    This one is awesome bro. Now I don't need to run a VirtualBox or Bluestacks for this. – Manish Singh Mar 24 '14 at 16:41
  • 1
    That's fantastic. You can use rawgit to run the app now or use a version pinned to a commit if you have concerns about the code mutating. – Jason R. Coombs Sep 01 '16 at 16:24
21

Yes. You can use WinAuth. Works fine for me.

Arjan
  • 31,163
user626528
  • 909
  • 6
  • 20
  • 41
  • Open source + very simple to use, and works even on Vista (which Authy does not do). – Casper Jun 29 '18 at 16:35
  • Worked fine for me. Used it because it runs in my machine, is open source, GNU licensed and there's a binary to download. It has a nice option "copy on new code" that automatically copies a new code to the clipboard. – neves Jun 16 '20 at 19:39
  • warning for folks finding this answer in 2022 or beyond: this application is no longer maintained, so since we're dealing with security, do not use this anymore. – Mike 'Pomax' Kamermans May 27 '22 at 19:31
18

JAuth is a good alternative - Java based (has Windows, Linux, and OS X installers), small and portable. I keep a copy on a USB drive.

cyberx86
  • 417
  • 3
  • 5
  • For my money, this ought to be the accepted answer. JAuth works great, and has its own installer. It really couldn't be any easier. – evadeflow Apr 11 '14 at 13:37
  • If JAuth_KS file is leaked can somebody else generate One Time Passwords for my accounts? – Saqib Ali Nov 03 '16 at 15:07
  • 2
    I found the UI confusing. For me, on Linux Mint (Ubuntu based), the buttons were 3x3 px wide and hard to click, and what do they mean? The > button for example. + hard to see what's a button and what is some kind of title. — I wish they hadn't built any GUI at all, instead everything via the command line in Bash / Win CMD. I guess that would have saved them fairly much time too – KajMagnus Nov 16 '16 at 12:47
  • Can JAuth be configured for more than one account? – d-b Jul 07 '18 at 07:10
  • The installers don't work any more for OS X. And it's confusing how to even use it! – rogerdpack Jun 13 '20 at 14:18
17

Try Authy: https://www.authy.com/.

It works for many 2fa accounts, including Google. Authy supports multiple platforms, including PC.

Note: Google seems to only provide a QR code for adding accounts. This means it's easiest to add your Google account via the Authy Android app. However, once you do that, you can also access it from the PC Authy app.

dss539
  • 309
15

Forget the others if you have to deal with more than one key, pass or any other kind of information. It is always a question of how you use it. The easiest method is to use a password management tool (please do not use online services for such things; LastPass has been hacked too).

Here is my suggestion (works on Linux, Mac, Android), this one is for Windows users:

  1. Download the latest KeePass (currently 2.32) and set your DB up (please secure it with more than just a pass; a certificate, for example, makes it all more secure)
  2. Download the TrayTOTP plugin for KeePass and copy it into the plugins folder located in the KeePass installation folder.
  3. For an entry in KeePass, create two custom strings for your keepass entry:

    First string: TOTP Seed
    Second string: TOTP Settings

    Under TOTP Seed, you should place your seed key. For settings, many are confused, especially newbies. By default (and most use defaults) a new key is created every 30 seconds and has a length of 6 characters. That means, if not explicitly set, then TOTP Settings should have:

    30;6
    

    30: Stands for seconds
    6: Stands for length of a key

    I know of only a couple of services where you can choose or set it manually. Kraken Exchange is one of them: when you secure your account, you can choose a length of up to 8 characters, and the TOTP settings would be 30;8

  4. Change Autotype :) , there are two types of pages and how they verify.

    First: You can enter username, password and 2FA key.
    Second: You need to enter username and password, after pressing enter/submitting, second page/frame shows asking for 2FA.

    For first case, edit your KeePass entry by changing autotype options. Click on "Override default sequence" which is:

    {USERNAME}{TAB}{PASSWORD}{ENTER}
    

    and add pressing additional TAB, then placing TOTP key and then pressing ENTER:

    {USERNAME}{TAB}{PASSWORD}{TAB}{TOTP}{ENTER}
    

    For second case, we need to send user and pass, then wait 1-3 seconds (I will set here 5 seconds) and then 2FA key:

    {USERNAME}{TAB}{PASSWORD}{ENTER}{DELAY 5000}{TOTP}
    

That's it. Press CTRL+V or right click and perform autotype, that's it.
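
How a seed, the current time and the `30;6` settings become a code, as an added example (not part of the original answers, and not code from KeePass, TrayTOTP or oath-toolkit). It follows RFC 6238 with HMAC-SHA-1; the function names are chosen for illustration, and the seed is the RFC's published test key, constructed here in the grouped lower-case form that sites display.

```python
import base64
import hashlib
import hmac
import struct
import time


def decode_seed(seed):
    """Decode a base32 seed as sites display it: grouped, any case, unpadded."""
    cleaned = seed.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore the padding sites omit
    return base64.b32decode(cleaned)


def parse_settings(settings="30;6"):
    """Split a 'period;digits' string such as '30;6' or '30;8'."""
    period, digits = (int(part) for part in settings.split(";")[:2])
    if period <= 0 or not 6 <= digits <= 8:
        raise ValueError(f"unsupported TOTP settings: {settings!r}")
    return period, digits


def totp(seed, settings="30;6", now=None):
    """RFC 6238 TOTP (HMAC-SHA-1) for the given seed at Unix time `now`."""
    period, digits = parse_settings(settings)
    # Every clock reading inside the same period maps to the same counter.
    counter = int(time.time() if now is None else now) // period
    mac = hmac.new(decode_seed(seed), struct.pack(">Q", counter),
                   hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226, section 5.3)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)  # keep leading zeros


# Constructed input: the RFC 6238 test key "12345678901234567890", base32-encoded
# and written the way a site would show it (lower case, groups of four).
RFC_SEED = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"

if __name__ == "__main__":
    print(totp(RFC_SEED, "30;6", now=59))  # → 287082
    print(totp(RFC_SEED, "30;8", now=59))  # → 94287082
    print(totp(RFC_SEED))                  # code for the current 30 s window
```

Anyone who holds the seed can compute the same codes on any device, which is why the seed needs the same protection as a password.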

12

You could use Oracle's VirtualBox, Android x86 OS, and then install the Authenticator. This would essentially give you the Google Authenticator on a desktop.

VirtualBox: https://www.virtualbox.org/

Android x86: http://www.android-x86.org/

kobaltz
  • 14,824
9

Disclaimer: I'm the Author :-)

https://qoomon.github.io/otp-authenticator-webapp/

It's a Google Authenticator web app.

This is a static website hosted on GitHub Pages. You could just use my version, or fork the gh-pages branch and host it on your own GitHub page.

No External Services are used, local JavaScript execution only

Features

  • generate totp codes
  • show remaining valid seconds for totp code
  • parse otpauth URLs in 'secret' input field
  • generate otpauth URL QR code

Here is an Example

qoomon
  • 240
  • Looks neat and simple. The example seems to always generate 000 000 (need to manually copy the secret from the url). – corwin.amber Apr 23 '21 at 12:36
  • @corwin.amber you are right the example link is deprecated, cause I removed the secret parameter support for security reasons. I've fixed the link. – qoomon Apr 23 '21 at 12:53
7

There's also a Firefox OS app version. It doesn't need Firefox to run first, and you can actually install Firefox portable so it doesn't impact your system.

https://marketplace.firefox.com/app/gauth/

V2Blast
  • 103
web
  • 71
6

I hacked together an oath-toolkit integration with a CLI that works in Quicksilver too. The CLI Bash Script and .otpkeys Configuration File example can be found in the Quicksilver and OTP: Together At Last blog post.

You'll need your secret keys so you can put them into the config.

Bash Script:

#!/bin/bash
# Print the current TOTP code for a service listed in ~/.otpkeys.
scriptname=$(basename "$0")
if [ -z "$1" ]
then
    echo "$scriptname: Service Name Req'd"
    echo ""
    echo "Usage:"
    echo "   otp google"
    echo ""
    echo "Configuration: $HOME/.otpkeys"
    echo "Format: name=key"
    exit 1
fi
# Take the first entry whose name starts with $1 and strip spaces from its key.
otpkey=$(grep -m 1 "^$1" "$HOME/.otpkeys" | cut -d"=" -f 2 | sed "s/ //g")
if [ -z "$otpkey" ]
then
    echo "$scriptname: Bad Service Name"
    exit 1
fi
/usr/local/bin/oathtool --totp -b "$otpkey"

Configuration File example for .otpkeys -- spaces are stripped.

google=a743 mike k3b4 rm5k z8a9 q6f5 id1k bxk1
facebook=OWBV Q9LF POQ2 MKYU
evernote=UKPPIDEALLKPYTT9
dropbox=iop4 xbox asia b0ss ninj a9

Usage -- specify the full or partial service name from the config, anchored to the beginning of the service name. E.g. 'goo' will work for google, but 'oogl' will not.

iso : ~ --> otp google
196379
iso : ~ --> otp goo
612384
Peter Beckman
  • 61
  • 1
  • 1
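
A stricter take on the `.otpkeys` lookup above, as an added example (not the answer author's script): it refuses a key file that group or other users can access, in the spirit of the `umask 0077` comment earlier on the page, and rejects a prefix that matches more than one service instead of picking one. The function names are assumptions, and the sample entries are constructed placeholders, not real seeds.

```python
import os
import stat
import tempfile


class KeyFileError(Exception):
    """The key file is unsafe to use, or the lookup failed."""


def load_keys(path):
    """Parse name=key lines, refusing a file other local users can access."""
    with open(path, encoding="ascii") as handle:
        st = os.fstat(handle.fileno())  # inspect the file that was opened
        if not stat.S_ISREG(st.st_mode) or st.st_uid != os.getuid():
            raise KeyFileError(f"{path}: must be a regular file you own")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise KeyFileError(f"{path}: group/other can access it (chmod 600)")
        keys = {}
        for line in handle:
            name, sep, key = line.strip().partition("=")
            if sep and name and not name.startswith("#"):
                keys[name] = key.replace(" ", "")  # spaces are stripped
    return keys


def find_key(keys, prefix):
    """Return the key whose service name starts with prefix; reject ambiguity."""
    matches = [prefix] if prefix in keys else sorted(
        name for name in keys if name.startswith(prefix))
    if not matches:
        raise KeyFileError(f"no service matches {prefix!r}")
    if len(matches) > 1:
        raise KeyFileError(f"{prefix!r} is ambiguous: {', '.join(matches)}")
    return keys[matches[0]]


if __name__ == "__main__":
    # Constructed sample file; the keys are made-up placeholders.
    with tempfile.NamedTemporaryFile("w", suffix=".otpkeys", delete=False) as tmp:
        tmp.write("google=gezd gnbv gy3t qojq\ngithub=MFRG GZDF\n")
    os.chmod(tmp.name, 0o600)
    print(find_key(load_keys(tmp.name), "goo"))
    os.chmod(tmp.name, 0o644)  # now world-readable: load_keys must refuse
    try:
        load_keys(tmp.name)
    except KeyFileError as err:
        print("refused:", err)
    os.unlink(tmp.name)
```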
5

I'm surprised that no one mentions the following 2 apps.

Authenticator - Happy Two-Factor Verifying! / $2.99

OTP Manager / Free

5

On MAC (OSX) you can use Alfred* and the GAuth-Workflow to get the Google Authenticator on your Desktop.

  • Workflows are only supported with the (paid) Powerpack version.
Sascha
  • 160
2

YubiKey offers a hardware solution (a USB dongle) that's capable of doing OATH-TOTP.

There's also a Windows helper program:

http://www.yubico.com/applications/internet-services/gmail/

ce4
  • 923
0

You can use my script: otp.py

The downside of it is that:

  1. you'll see a proper countdown only when the first code expires :)
  2. this zenity popup doesn't allow copy & paste (this is a big limitation IMO)
  3. it was working on Mac, but Cocoa Dialog was retired and it doesn't work anymore.
  4. perhaps it can be adapted to work on Windows, by installing Zenity on Windows (which is possible).
maxadamo
  • 103
0

I'm just getting up to speed with this myself, but it appears that there is now a google-authenticator command-line interface that's distributed with the PAM module at https://github.com/google/google-authenticator-libpam.

Some further information on setup (aimed at use with ssh on CentOS) can be found in an article at https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-centos-7.

James
  • 1
0

There is an open-source authenticator implementation: https://github.com/Authenticator-Extension/Authenticator.

pjpj
  • 101
0

Open-sourced keeweb has OTP option built-in, on top of the password manager + autogen pass. Works on MacOSX and as a WebApp

https://github.com/keeweb/keeweb

0

For Python users, there is a little tool called mfa available through PyPI. Just install it using pip install mfa.

https://github.com/limeburst/mfa

onelaview
  • 111
-1

If you wrote down the seed for your sites and have Python (easy to install on Mac/Windows/linux), you can use this command line script, which also tries to hide the seed from inadvertent bad use: twisted2sv.

-1

Use this simple Python script to get the authentication code; all you have to do is add your secret when prompted.

https://github.com/abhishek-bharadwaj/Authenticator/blob/master/Authenticator.py

-1

Install and run Google Authenticator on BlueStacks Android emulator - very easy and it gives you a single click Google Authenticator shortcut on the desktop that will load bluestacks with authenticator already open. Almost as good as a Google Authenticator desktop app.