Google authenticator for desktop

Question

Is there a desktop application for Google authenticator (an equivalent to the phone app, not the PAM lib)?

score 24 · Answer 1 · answered Mar 16 '18 at 13:56

24

Simply install the small command line utility oathtool.

sudo apt-get install oathtool

Then run such a command to get a one time password:

oathtool --totp -b YOURSECRET

answered Mar 16 '18 at 13:56

MortezaE

463
3
7

1

For further instructions, read this https://thirld.com/blog/2016/01/16/generating-two-factor-authentication-codes-on-linux/ – luca76 Mar 27 '19 at 10:39
2

If I have the google authenticator on my phone, where do I get the SECRET from? – Nathan B Jan 11 '21 at 11:34
Good! I will make a GUI problem based on this then post it here too! – Emoji Mar 11 '21 at 23:21
This answer is great, but I don't like ending with 2FA secrets in my Bash history. Is there a more secure way to invoke oathtool that I might be missing? – Marcel Hernandez Oct 23 '21 at 22:09
@MarcelHernandez You can define an alias for the command and put it in .bashrc, but then the secret will be stored in that file. There's no way to generate OTP and not store the corresponding secret somewhere. If you want true 2FA, then the only way to achieve that is to use a separate device, like a phone, for OTP. – rustyx Nov 15 '21 at 10:21
Since I asked this question I found and settled on the pass password manager with the OTP plugin https://www.passwordstore.org/ https://github.com/tadfisher/pass-otp – Marcel Hernandez Nov 16 '21 at 14:22
@MarcelHernandez no more of interest for you, but add this to your .bashrc avoid sensitive info going into history
export HISTCONTROL=ignorespace .. more info here:

https://www.gnu.org/software/bash/manual/html_node/Bash-Variables.html
– appsmatics Feb 26 '24 at 02:02

score 13 · Accepted Answer · answered Aug 31 '12 at 08:46

13

There are Java apps, both GUI and CLI. Both were listed on the Google Authenticator page at Wikipedia. Both include install instructions on their respective download pages.

I like the idea but I have not tested either of these nor would I assume they are secure or even work correctly. This is a summary of my search results, not a recommendation.

answered Aug 31 '12 at 08:46

Tom Brossman

13,111

1

Cool, thank you. It's too bad these are not provided with the google-authenticator code. Also, I wonder if it would be easy to make some kind of desktop widget with multiple account/key pairs, maybe using another language ;-) – raphink Aug 31 '12 at 10:00
@Raphink yes, maybe a dead simple appindicator that would drop down a small menu with the code(s)? Maybe it's best to require two different devices to log in from a security perspective though. I'm very reluctant to trade security for convenience. – Tom Brossman Aug 31 '12 at 11:31
An appindicator would be very nice indeed. Porting the code to another language (e.g. python) shouldn't be too hard. As for several devices… well there's still the password. I don't really see a problem with having the authenticator on the desktop as far as security goes. – raphink Aug 31 '12 at 11:56
1

To be clearer, the main security feature of TOTP imo is to prevent login/password remote attacks, not so much local attacks using the 1 or 2 machines I use every day. – raphink Aug 31 '12 at 11:57

pa4080 · Answer 3 · 2018-01-31T14:53:26.243

You can use some Extension for your web browser, they work pretty good.

Here you go, here's an example:

For Chrome/Chromium/Yandex (and other Chrome based browsers) you can use Authenticator. Just click on "Add to Chrome" button from this link.

Or you can add it through: Customise and control menu (three dashes/dots upper right corner of the browser) > Settings > Extensions > Get more extensions (in the bottom of the list) > Search the store for: Authenticator.

You need to add a Passphrase. This step will allow you to sync multiple instances - transfer of the authentication data between computers which you use with your Google account.

To add an authentication key: First click here to open a demo barcode in your browser. Then follow next steps for: Scan QR code or Manual entry. If the barcode is not generated by some Google application, for most cases you must use only Manual entry. If the authentication code is time based you must use Sync Clock with Google function.

To use the application, just click on the Authenticator icon. Wait for the beginning of a new cycle. Click on the new generated key. It will be copied to the clipboard.

Use the key! Usually you have about a minute and a half to use it.

I'm not so familiar with other browsers, but for example, within Firefox in a similar way you can use Open Two-Factor Authenticator.

In addition, the next answers describe how to implement Two Factor Authentication (using Google Authenticator) within Apache2 and OpenSSH:

Thank for this hint, I installed it on Ubuntu Chrome Browser. To import my Google Auth accounts, I had to take a picture of the QR in my phone with another phone (screenshot is forbidden in Google Auth App) and send it to my Ubuntu where I put it on my localhost, where I could scan it with the extension. Cumbersome but working :) — franc, Mar 11 '23 at 11:21

score 1 · Answer 4 · answered Sep 27 '18 at 15:36

You could also try authenticator

To install, just type:

pip3 install authenticator

You could add accounts using

authenticator add MyAccount

At first it will ask you to create data files (say yes), then ask for a password to secure your otp secrets (required). After you confirm your password, it will ask for the secret code to generate the one time password. To generate an OTP:

authenticator gen MyAccount

Google authenticator for desktop

4 Answers4

Linked