WinOTP Authenticator is an open-source alternative for WinAuth

Ashwin
Sep 12, 2019
Security, Windows 10
|
20

Some days ago, we told you about Authenticator, an open-source 2-step verification app for iOS. The app generates codes for two-factor authentication use. Many web services support 2FA to add another layer of security to the user authentication process.

Today, it's the turn of an equally simple Windows app called WinOTP Authenticator. It is a UWP app, and hence exclusive to Windows 10.

A brief history about the app: about a year ago an app called "Authenticator for Windows" was removed from the Windows Store. This was a proprietary app and was one of the few available for Windows Phone/Windows 10. The author open-sourced the app shortly after hoping that someone would resurrect it, and that's exactly what happened a few months ago.

How to add an account to WinOTP Authenticator

This process is slightly different from a phone 2FA app where you'd point the camera at the QR code on the screen and are done with it. The app works by entering the "secret key" manually which is identical to the process on mobile devices if you select the manual way during setup.

Here is how it works:

  1. Enter the name of the account's website in the Service box (for e.g. Microsoft, Google, Apple, etc). This is just for your reference and you may pick anything you want. It is advised to pick a descriptive name to help with identification.
  2. Type your account's username in the corresponding field. This can be whatever you want to as well.
  3. Finally, enter the long code from the website's 2-step authentication settings.
  4. Click on the save button.

Note: There is an alternative way. The program says that you can drag the QR-code that is displayed on the screen on to the interface of WinOTP Authenticator and it should read the code. I tried it a couple of dozen times with different services, but it did not work.

TOTP timer bar

Instead of a circle (which fills up or disappears) that you are maybe used to when you use mobile devices to generate the authentication code, WinOTP Authenticator displays a horizontal bar that progresses from the left to the right to indicate when the displayed code will expire.

Copy to clipboard

WinOTP Authenticator displays the TOTP codes for all of your added accounts on the home page. To copy a code to the clipboard just click on it. There is a setting which clears the clipboard when a copied code expires; this is enabled by default and there is little reason to disable it unless you need more time.

Note: The Sync with OneDrive option causes WinOTP Authenticator to crash, at least for me.

You can reorder or delete accounts by clicking on the pencil button on the start bar. Remember to disable 2FA from your account's settings on the website before deleting it from the app as you may run into authentication issues otherwise. You can toggle the app to sync the time using NTP; this is important since 2-factor codes are time based.

Apart from the QR Code and OneDrive issues (which are on the developer's roadmap), the app worked without issues. It offers a convenient option to log in to websites with click and paste.

I stumbled upon this app while looking for a WinAuth alternative and it has been a fine replacement. Normally I wouldn't recommend using a PC app for 2-factor authentication because anyone who has access to the PC will have access to the 2FA codes. But, many people have a PC that is private (at home or work), in which case it can be a pretty secure option especially if you use encryption to further protect it from unauthorized access. I'd still recommend using a phone app/email for 2FAs as a fallback (and don't forget those recovery/backup codes).

Summary
Author Rating
2 based on 3 votes
Software Name
WinOTP Authenticator
Operating System
Windows 10
Software Category
Security
Price
Free
Landing Page
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Love and peas said on November 4, 2022 at 11:59 am
    Reply

    Can you give some examples?

  2. Jeff Brixhamite said on February 4, 2022 at 7:37 pm
    Reply

    There are powerful alternative to available now with several features absent in google authenticator (for example SafeID Authenticator includes encoded QR codes and token sync/transfer).

  3. mithesh reddy bolla said on November 18, 2021 at 4:46 pm
    Reply

    Where is .exe file located for winOtpAuth?

  4. John Navas said on November 12, 2021 at 5:08 pm
    Reply

    You should only use FOSS (Free and Open Source) for security.

    Proprietary code is a recipe for disaster.

  5. Anonymous said on November 21, 2019 at 10:36 am
    Reply

    Nice article!

  6. Anonymous said on November 12, 2019 at 3:22 pm
    Reply

    Nice Article!

  7. John Smith said on September 15, 2019 at 3:28 pm
    Reply

    Personally, I use Authy,
    Being a multiple device, Linux, Mac OS, Windows user, I found it nice. The backup option makes it even more convenient to us for me.
    https://authy.com/

    1. Anonymous said on July 8, 2021 at 12:41 pm
      Reply

      Excellent. After your suggestion @John Smith, I would say Authy is the best of the bunch. Cheers

  8. some1 said on September 13, 2019 at 9:33 am
    Reply

    What is this Windows Store junk. Why don’t they release a normal portable exe?!

    I would use Keepassxc or WinAuth instead.

    1. John Fenderson said on September 13, 2019 at 5:26 pm
      Reply

      @some1:

      It is weird. I’m also one who doesn’t use the store, and won’t use applications that must come from the store. Microsoft gets too much data about me as it is, I’m certainly not going to volunteer even more.

  9. Alex said on September 12, 2019 at 6:16 pm
    Reply

    You can use KeePassXC for this. I’d also avoid a Store app for this kind of thing.

    1. Stanislav said on September 12, 2019 at 7:55 pm
      Reply

      Or Biwatrden, but it’s their paid feauture. Bitwarden is so much comfortable in daily usage than KeePass.

      1. JustinK said on September 12, 2019 at 11:02 pm
        Reply

        Paid and bloated electron app? No Thanks. KeePassXC is the better option.

  10. Anonymous said on September 12, 2019 at 4:56 pm
    Reply

    Please consider reviewing “Aegis Authenticator”
    https://beem.dev/

    Thanks

    1. Anonymous said on September 12, 2019 at 5:48 pm
      Reply

      Aegis Authenticator on Android is really good. Excellent UI and functionality; much better than AndOTP IMO.

  11. brandon said on September 12, 2019 at 3:19 pm
    Reply

    I used to use this, but switched to authy when it was inexplicably removed from the windows store

  12. JeoSi Jaja said on September 12, 2019 at 1:51 pm
    Reply

    Exclusive to Windows 10 and Store… instant skip of app install.

  13. Jeff said on September 12, 2019 at 11:59 am
    Reply

    Use Authy Desktop app or Android app. It can backup your 2FAs to cloud and is heavily secured. No Store/UWP super bloated crap either although the Desktop app is Electron-based crap.

    1. Josh said on January 17, 2020 at 5:02 pm
      Reply

      Lmao how is UWP bloated? It uses additional security over win32 programs.

  14. D said on September 12, 2019 at 8:28 am
    Reply

    Why was it removed from the store in the first place?

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.