WinOTP Authenticator is an open-source alternative for WinAuth
Some days ago, we told you about Authenticator, an open-source 2-step verification app for iOS. The app generates codes for two-factor authentication use. Many web services support 2FA to add another layer of security to the user authentication process.
Today, it's the turn of an equally simple Windows app called WinOTP Authenticator. It is a UWP app, and hence exclusive to Windows 10.
A brief history about the app: about a year ago an app called "Authenticator for Windows" was removed from the Windows Store. This was a proprietary app and was one of the few available for Windows Phone/Windows 10. The author open-sourced the app shortly after hoping that someone would resurrect it, and that's exactly what happened a few months ago.
How to add an account to WinOTP Authenticator
This process is slightly different from a phone 2FA app where you'd point the camera at the QR code on the screen and are done with it. The app works by entering the "secret key" manually which is identical to the process on mobile devices if you select the manual way during setup.
Here is how it works:
- Enter the name of the account's website in the Service box (for e.g. Microsoft, Google, Apple, etc). This is just for your reference and you may pick anything you want. It is advised to pick a descriptive name to help with identification.
- Type your account's username in the corresponding field. This can be whatever you want to as well.
- Finally, enter the long code from the website's 2-step authentication settings.
- Click on the save button.
Note: There is an alternative way. The program says that you can drag the QR-code that is displayed on the screen on to the interface of WinOTP Authenticator and it should read the code. I tried it a couple of dozen times with different services, but it did not work.
TOTP timer bar
Instead of a circle (which fills up or disappears) that you are maybe used to when you use mobile devices to generate the authentication code, WinOTP Authenticator displays a horizontal bar that progresses from the left to the right to indicate when the displayed code will expire.
Copy to clipboard
WinOTP Authenticator displays the TOTP codes for all of your added accounts on the home page. To copy a code to the clipboard just click on it. There is a setting which clears the clipboard when a copied code expires; this is enabled by default and there is little reason to disable it unless you need more time.
Note: The Sync with OneDrive option causes WinOTP Authenticator to crash, at least for me.
You can reorder or delete accounts by clicking on the pencil button on the start bar. Remember to disable 2FA from your account's settings on the website before deleting it from the app as you may run into authentication issues otherwise. You can toggle the app to sync the time using NTP; this is important since 2-factor codes are time based.
Apart from the QR Code and OneDrive issues (which are on the developer's roadmap), the app worked without issues. It offers a convenient option to log in to websites with click and paste.
I stumbled upon this app while looking for a WinAuth alternative and it has been a fine replacement. Normally I wouldn't recommend using a PC app for 2-factor authentication because anyone who has access to the PC will have access to the 2FA codes. But, many people have a PC that is private (at home or work), in which case it can be a pretty secure option especially if you use encryption to further protect it from unauthorized access. I'd still recommend using a phone app/email for 2FAs as a fallback (and don't forget those recovery/backup codes).
Can you give some examples?
There are powerful alternative to available now with several features absent in google authenticator (for example SafeID Authenticator includes encoded QR codes and token sync/transfer).
Where is .exe file located for winOtpAuth?
You should only use FOSS (Free and Open Source) for security.
Proprietary code is a recipe for disaster.
Nice article!
Nice Article!
Personally, I use Authy,
Being a multiple device, Linux, Mac OS, Windows user, I found it nice. The backup option makes it even more convenient to us for me.
https://authy.com/
Excellent. After your suggestion @John Smith, I would say Authy is the best of the bunch. Cheers
What is this Windows Store junk. Why don’t they release a normal portable exe?!
I would use Keepassxc or WinAuth instead.
@some1:
It is weird. I’m also one who doesn’t use the store, and won’t use applications that must come from the store. Microsoft gets too much data about me as it is, I’m certainly not going to volunteer even more.
You can use KeePassXC for this. I’d also avoid a Store app for this kind of thing.
Or Biwatrden, but it’s their paid feauture. Bitwarden is so much comfortable in daily usage than KeePass.
Paid and bloated electron app? No Thanks. KeePassXC is the better option.
Please consider reviewing “Aegis Authenticator”
https://beem.dev/
Thanks
Aegis Authenticator on Android is really good. Excellent UI and functionality; much better than AndOTP IMO.
I used to use this, but switched to authy when it was inexplicably removed from the windows store
Exclusive to Windows 10 and Store… instant skip of app install.
Use Authy Desktop app or Android app. It can backup your 2FAs to cloud and is heavily secured. No Store/UWP super bloated crap either although the Desktop app is Electron-based crap.
Lmao how is UWP bloated? It uses additional security over win32 programs.
Why was it removed from the store in the first place?