Windows Authenticator App

Topic

New Reply

WinAuth.exe V3.5.1
Requires .NET Framework

Runs on Windows as a portable application (no install).
Can have 2FA/MFA added to Google, Microsoft, Amazon accounts, etc., with this Windows App.

Can place the winauth.xml file in the same directory as EXE. Remember to backup XML file.

My favorite feature is the winauth.xml file can be protected with a password:
“All private authenticator data is encrypted with your own personal password…”.

Ref:
https://winauth.github.io/winauth/
https://github.com/winauth/winauth

Tested with included Google and Microsoft Authenticators.
Can NOT require the winauth.xml file to be tied to a specific PC.
Free.  Open Source.

No cell phone required. Use Windows instead.

The mobile competition:
https://www.pcmag.com/picks/the-best-authenticator-apps
AskWoody’s newsletter article on Microsoft’s Authenticator is in issue 16.18.0, dated 2019-05-20.

Windows 10 22H2 desktops & laptops on Dell, HP, ASUS; No servers, no domain.

1 user thanked author for this post.

7ProSP1

Reply | Quote

Replies

“This will likely be the last version of WinAuth when released as 3.7. It has reached the end of its useful life and requires a massive UI overhaul. ”  Last written in 2018.  Doesn’t look like it’s well supported.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Is there a way to use the Microsoft Authenticator app without a smartphone? I see where it can be downloaded to your computer but I do not see how it works.

Reply | Quote

ECWS wrote:

Is there a way to use the Microsoft Authenticator app without a smartphone?

I don’t think so.

ECWS wrote:

I see where it can be downloaded to your computer but I do not see how it works.

Where? It’s not a Windows app:

How to set up the Microsoft Authenticator app

1. Download & install the Microsoft Authenticator app to your mobile device.

How to use the Microsoft Authenticator app

Reply | Quote

Yes, and it works just fine! (https://winauth.github.io/winauth/download.html)

I installed it on my PC and have it set to generate the access codes for 5 different sites I use.

To add a site you have to use the “secret code” the site presents when you indicate you can’t scan the QR code to set it up as follows.

Click the Add button at the bottom and select Authenticator.

In the pop-up window:

• enter a custom name for the site (can be anything but I use the actual site name)
• enter the “secret code” in box 1
• click the Decode button
• set the type (note, I’ve never encounter a Counter-based site)
• click the Verify Authenticator button and ensure the code matches what the site expects
• if it does, click OK

Whenever you visit a site that requires authentication, open WinAuth but don’t click the circling arrows to generate the code until the site actually asks for it (i.e. if you click it too early, the code “may” time out before you get to enter it.

Reply | Quote

The question you answered was about Microsoft Authenticator.

Reply | Quote

Authy has a Windows and phone version – I use both.

cheers, Paul

Reply | Quote

With WinAuth.exe on your Windows PC:
* Does not require a cell phone.
* Is local to your Windows desktop and not cloud based.
* Can be used to log into a Microsoft account using a Microsoft style authenticator.
* The UI for WinAuth.exe is difficult to use.

How it works: When you create an authenticator entry in WinAuth.exe, you provide the seed, which is provided to you by the web account. From then on the 6 digit number generated upon request is time based. The PCMag link also explains how they work.

There are multiple 2FA/MFA methods. The web account must support the authenticator style of second authentication. If so, it will generate the seed needed to create an entry in an authenticator app.

After an entry is created, I always test it, to verify I inputted the seed (a number) correctly.

Windows 10 22H2 desktops & laptops on Dell, HP, ASUS; No servers, no domain.

Reply | Quote

ECWS wrote:

Is there a way to use the Microsoft Authenticator app without a smartphone?

Reading between the lines, I’m assuming it’s not specifically the Microsoft Authenticator app you’re trying to use, but rather you’re merely trying to replicate its function on a PC. As others have said, you can use a different app or program on your PC that will perform the exact same function. (I’ve got a little backgrounder tutorial if it helps get your head around how these things work.)

For a PC, I use the WinAuth application. (Like oldfry, I’m partial to it because it’s not cloud-based.)

 

To further clarify what n0ads and oldfry have said, when you try to login to your 2FA/TOTP protected account and get to the step where the remote site says, “enter the 6-digit code from your authenticator app,” you’ll launch WinAuth, right-click the corresponding acct, and copy/paste the code into your browser. (Alternatively, you can click the “cycle” icon and WinAuth will display the 6-digit code for you to manually type into your browser.)

If it’s a Microsoft account for which you’re trying to setup 2FA, when you launch WinAuth and click the “Add” button at the bottom, WinAuth will offer Microsoft-specific instructions for how to add your Microsoft account to WinAuth.

 

Tip: When setting up a TOTP-style 2FA, I always take a screenshot of the QR code or copy/paste the alphanumeric text string to a safe place. That way, you can use the same seed to setup another authenticator app in the future on your phone or another computer.

Reply | Quote

Would your suggestion work with Microsoft Authenticator?  Hard to believe that Microsoft would require you to obtain a Smart Phone (with a monthly fee) just to be able to access Office.com!

Here is what happens when I try to access Office.com for our company.

1. User name
2. Password
3. Text to phone six digit code
4. Enter six digit code
5. Microsoft Authenticator (See screenshot).  – Only option is to add it to a smartphone that I do not have.  Only have an Orbic (Verizon) flip phone.

 

Reply | Quote

Talk to your IT help desk.

I am not aware of a Microsoft written authenticator that runs on Windows OS.

I am using a corporate account protected by Microsoft. Initially all I saw was phone verification. But I went to my business Microsoft account via a link in the login help. From there I was able to add a 2FA/MFA authenticator entry using the WinAuth.exe authenticator Windows app, that does not require a phone of any kind.

My company also allowed 2FA/MFA verification via a landline. So no cell phone for that 2FA/MFA method either.

Likewise, for my personal Microsoft account at login.live.com, I was able to login after getting the 6 digit security code from another email account, and add WinAuth.exe as another 2FA/MFA method.

Windows 10 22H2 desktops & laptops on Dell, HP, ASUS; No servers, no domain.

1 user thanked author for this post.

ECWS

Reply | Quote

Thanks for the suggestion.  Contacted IT help desk.

Reply | Quote

Don’t get hung up on the “Microsoft” branding. You can use many other TOTP authenticators in lieu of the one Microsoft provides. If given the same seed, they all perform the same calculation, and you can use them interchangeably. So you can setup your Microsoft account on Microsoft Authenticator, or you can set it up on Google Authenticator, or on Facebook Authenticator, or on many others such as WinAuth or Authy on a PC. The authenticators are not unique to the service; they all do the same thing if given the same seed when setting up a given account. For instance, even if you setup Microsoft Authenticator on a smartphone, you can setup WinAuth or Authy on a PC and they’ll all generate the exact same 6-digit codes if configured with the same seed.

 

“Microsoft Authenticator – Only option is to add it to a smartphone that I do not have.”

No, that’s not your only option. That’s what WinAuth and Authy are for: to stand in for a smartphone.

It’s been a long time since I setup my Microsoft accounts so screenshots or terminology might be a little different, but I imagine the process is still pretty much the same as the screen shots n0ads and I have shown.

As in n0ads’ screenshots, download and launch WinAuth, click the “Add” button, select “Microsoft”, and you should see the screenshot in my post, telling you what to do next to stand in for Microsoft Authenticator.

Next, in your browser, login to your Microsoft account and go through the motions as though you’re setting up Microsoft Authenticator on your smartphone. When Microsoft shows you a QR code and says to point your smartphone camera at it, click “I can’t see the code”. Microsoft will instead show you the super-long alphanumeric seed string that’s embedded in the QR code, which you can then cut-and-paste back in your WinAuth setup window. (Note there’s nothing special about the QR code — it’s just a convenient way of transferring the seed string from your browser to your phone. On a PC, you can achieve the same thing with cut-and-paste.)

When finishing up the setup, WinAuth will test-generate a 6-digit code, Microsoft will ask you to enter that code, and if they match that confirms to Microsoft that you and the Microsoft server are using the same seed, and you’re good to go.

From that point on, Microsoft may at times ask you to enter the 6-digit code from your phone’s “Microsoft Authenticator app” when logging in. Launch WinAuth instead, and copy/paste the 6-digit code from there, and Microsoft is non the wiser that you don’t actually have a smartphone.

 

Caveat:

All of the above assumes you’re logging in to your own account with your company, and it doesn’t yet have 2FA setup. Your latest post seems to indicate that’s the case.

In contrast, if you’re sharing a group account, you should let your company take care of it and they’ll give you the seed they’re already using. If you were to go through the motions of setting up 2FA by yourself on a shared account, you could end up locking everybody else out of the account because you’d be changing the seed for everybody.

1 user thanked author for this post.

ECWS

Reply | Quote

Thanks – also really appreciate the caveat.  Contacted IT dept.

Reply | Quote