I'm running Kubuntu 21.10. Can I run Google Authenticator without needing a cellphone?
-
You want to run Google Authenticator in Kubuntu instead of your cellphone? – Archisman Panigrahi Mar 19 '22 at 03:40
-
Is an Android Emulator an option...? That might work. Or, there are Google Authenticator alternatives that run on desktop Linux – cocomac Mar 19 '22 at 04:12
-
1While you can't run google authenticator from linux, you may be able to replicate it's functionality. For instance, if you are trying to authenticate using an OTP seed, you can use the oathtool to generate your OTP code from a seed. For OTP seeds, most interfaces provide something that you can click to get an ascii code from a QR code, otherwise you can scan the code from you phone and then key it into oathtool. – Charles S Mar 19 '22 at 05:19
-
@CharlesS If you need to scan a QR code with a phone you need to have and use a phone! The question is "Can I run Google Authenticator without needing a cellphone?" – ChanganAuto Mar 19 '22 at 18:14
-
Does this answer your question? Google authenticator for desktop – gre_gor Mar 19 '22 at 19:10
-
The search term you want is ‘TOTP’, that’s the name for the standard that GA uses to generate codes. Most decent password managers support it these days, so you likely will not have to look far. – Austin Hemmelgarn Mar 19 '22 at 19:40
-
You can install KeePassXC and simply add TOTP to your entry. Here's some nice in-depth tutorial: https://www.linux.org/threads/in-depth-tutorial-how-to-set-up-2fa-totp-with-keepassxc-aegis-and-authy.36577/ – AndrewMcCoist Dec 09 '22 at 12:35
2 Answers
If you can obtain the image with the QR code containing the secret, you can achieve the functionality of Google Authenticator with a handful of command-line tools.
The image with the QR code can be scanned using zbarimg
(or zbarcam
), available in the zbar-tools package. Scanning will return an URI much like the following:
otpauth://totp/PROVIDER:ACCOUNT?secret=SECRET&algorithm=ALGO&digits=N&period=MM
Words written above in capitals are variables that you will need to extract from your actual code. To generate tokens, you can invoke oathtool
(from the oathtool package) from the command line, like so:
oathtool --totp=ALGO -b SECRET -d N -s MM
The above assumes tokens are generated in TOTP mode (as most are). oathtool
supports HOTP mode as well, which I am not describing here; generating tokens in that mode is a little more involved, as you need to store the number of times a token has been generated, but is still doable. Look at the relevant manpages for more information.
For secret storage and retrieval, you can use for example secret-tool
from the libsecret-tools package (to store in the GNOME keyring), or any other vault tool you like.

- 188
No.
Google Authenticator specifically uses a phone for the 2-step verification. The second step is a code sent to your phone.
You can choose to "keep it simple":
During sign-in, you can choose not to use 2-Step Verification again on that particular computer. From then on, that computer will only ask for your password when you sign in.
You'll still be covered, because when you or anyone else tries to sign in to your account from another computer, 2-Step Verification will be required.

- 1,670
- 8
- 14
- 21
-
2Google Authenticator is a simple TOTP system and there are several PC implementations for it, like for example in KeePass. – allo Mar 19 '22 at 22:56
-
@allo Yes, but please read again the question. Also try to understand who's asking. – ChanganAuto Mar 19 '22 at 23:27