An Authenticator App you can use to get around 2FA BS — without a smartphone!

Two Factor Authentication (2FA) is truly one of the most annoying things being imposed on us these days. It forces you to keep your phone at hand just to log in to the basic websites & things you need, like a digital leash. (And the forced part of it really pisses me off — it should be my choice if I want to use a strong password, keep that password safe, and opt-out of 2FA. But that’s a topic for another day…)

I do my work at a computer (not a phone, not a tablet, a real computer), and when I’m working I want minimal distractions. I often work with my phone off, or not even in the same room with me. It’s therefore so annoying when I need to login to, say, Gmail, and it won’t let me without pressing some stupid number prompt on my phone — forcing me to stop what I’m doing, get up and retrieve my phone, and waste several minutes jumping through this unnecessary hoop.

All of that is bad enough, but recently I encountered a site — which unfortunately I must use frequently for my work — which added a new 2FA requirement, only this one didn’t give me the option to receive a code by SMS or email. The ONLY choice provided was to use an “authenticator app”, with a QR code shown and buttons for installing certain Google and Microsoft apps provided. Fuck. 🙁

Up to this point in my life, I had gotten by without ever using an Authenticator App. I didn’t even really know what one was or how it worked, other than I’ve seen people whip out their smartphones and scan these QR codes with them. My phone doesn’t scan QR codes! So what was I to do?

I researched many options and possible workarounds, including the possibility of running an Android emulator on my Windows PC solely for the task of running this stupid Authenticator App. But thankfully, none of that proved necessary in the end, thanks to a Windows portable application I found called WinAuth.

What is WinAuth and how do I use it?

WinAuth is a portable, open-source Authenticator App for Windows. Because it’s portable, no installation is required. Just download it, unzip it, and run it. (I love that!)

How does an Authenticator App even work? In a nutshell: what you’re doing is taking a special cryptographic code ONE TIME from the website/service/whatever-it-is, which the Authenticator App saves. The Authenticator then runs a special algorithm to come up with a time-sensitive numeric code. These numeric codes only remain valid for a very short period of time before they change. This numeric code is what you have to type in to finish the login process.

Think of it as a password that changes every 30 seconds. The Authenticator App helps you keep track of it.

When you run WinAuth for the first time, you’ll need to create a pairing between the one-time cryptographic code and the app. Click the “Add” button to start. You’ll see some common services (Google, Microsoft, etc.) already built-in. If you’re not sure, just choose the “Authenticator” option at the top.

Next, type the name of the website/service/whatever-it-is. This is just for your own reference, so you can type whatever you want here.

Then you need to enter the one-time cryptographic code from the website/service/whatever-it-is. If they are kind enough to let you see the code directly, it will be a string of gibberish letters and numbers, something like “MYKCQAT0H07V5BGLOYPEFOCIEZM2PD88”. Otherwise if they only stick a QR code in your face, than you can copy and paste the URL of that QR code into WinAuth and it will decode it for you, which is really a great feature. (If you’re not sure how to copy and paste the URL of the QR code, right-click on the QR code itself, and then choose the “Copy image address” option (Chrome) or “Copy image link” (Firefox) — other browsers will be similar.)

Finally, click the “Verify Authenticator” button to get a numeric code which you can enter back into the website/service/whatever-it-is to make sure its working.

That’s it! Now you can use WinAuth from your computer to pass any stupid 2FA Authenticator App requirements — with no smartphone!

Final thoughts

WinAuth is an old application, but it still works just fine. As of this writing it hasn’t been updated in about 8 years, but, honestly, who cares? As long as it works (and it does!) I am happy. It’s open source and the source code is archived on GitHub. That means if anything ever happens it could be fixed/updated if need be.

I’ve seen rumblings online about how 2FA sucks (and it does!), but let’s sincerely hope “they” don’t replace it with something worse, like fingerprints or retina scans. As if big brother weren’t tracking us enough already…

Anyway, I hope this post helps others who may be in the same predicament!

Now, have some random memes I found while angry-searching the internet on this topic:

(Programmers will get this)