You are here:
All Content / Science and Technology / Information Technology / Coding and Development - Reference … / 2FA and Authenticator Apps - The Issues and the …
Table of Contents
Subscribe to Our Newsletter
Follow us by subscribing to our newsletter and navigate to the newly added content on this website directly from your inbox!
to subscribe to this page.
Author  
manisar
Author's Display Image

"Whenever you can, share. You never know who all will be able to see far away standing upon your shoulders!"

I write mainly on topics related to science and technology.

Sometimes, I create tools and animation.

2FA and Authenticator Apps - The Issues and the Way Out!

March 15, 2022

Author - manisar

In the article below, I propose and justify the use of the following open sourced authenticator apps which will result in less rework and re-configuration for you in the long run.

  • WinAuth on Windows Laptop/PC (or a similar app on Linux)
  • FreeOTP on Android and iOS

You can quickly go The Verdict if you want, or read below for a full explanation.

2FA is almost ubiquitous now. Most big user-facing websites that need to do user management and authentication have either enforced it or they have it in the cards.

While the additional security 2-factor authentication brings to the table, along with the fact that it mostly disposes of the need of security questions, unquestionably makes it unavoidable.

One may not find anything bad or undesired about it, except someone nit-picky like me.
I have the following two issues with it.

  1. If using a laptop or PC, I need to have another device on me all the time - a phone, iPad etc. - basically an Android or iOS device.

  2. The dependency on this other device is tightly coupled to my current-device.
    This means that not only I need "a" secondary device, but "the" secondary device, i.e. my secondary device needs to be the same that I had used while setting up 2FA for a given account.

    If I change my secondary device for any reason, I may have to set up all accounts individually again (in general) - a simple export/import or cloud backup may not be of any help. And this can be a real pain in the neck.

This article is about working around the two issues mentioned above.

We'll see how, with a little diligence, we can have the peace of mind of not having to depend on a specific device or app, and of not worrying about what happens if we lose it.

Let's start with the first issue above. In general, these days, it is a non-issue.
We log in to our accounts either on our phone itself, or on our laptop/PC with our phone by our side.

On top of that, we can have trusted devices - devices on which we do not need to enter the security code repeatedly (for a given account).

All good, correct?

Except, it's not when I am primarily a laptop/PC person (i.e. I like to do most of my serious work on PCs) and I do mind having a break in my chain of thought and work flow that is introduced by having to leave the keyboard and mouse, find and pick up my phone, go to the authenticator app, unlock it, scroll to the respective account, remember and manually feed the code on my laptop!

For Laptop/PC

The problem mentioned above has a not-so-difficult solution - there are authenticator apps out there that you can install on your laptop/PC, and that will save you the trouble of reaching out to your phone.

nocaption-WinAuth Preview

If you ask me, for such an app to be useful, I would need it to be:

  1. local - i.e. doing all the processing locally on my machine.
  2. providing security options like encryption, password-protection
  3. providing the option for exporting accounts (in the form of both readable text and QR code, that too in freely importable* format) - the last one is needed for the second issue mentioned above.
  4. open-source - this will (sort-of) guarantee that there is no unscrupulous manipulation of my data.

For Windows, such an app is WinAuth.

Please do me a favor and let me know of a similar app for Linux 🙏.

For Mobile

Ok, with WinAuth we can get security codes right from our Laptop/PC.
But we need something for mobiles as well.

There are not many open-source authenticator apps, but out of the ones available, I propose FreeOTP for its sheer simplicity!
It does one and only one thing - generating authentication codes - no password management or those sort of things.

FreeOTP Android Preview

FreeOTP iOS Preview

Now, you may think that at least export or cloud-backup features would have been nice - for making the configured accounts portable, eh?

But almost all apps I've looked into are useless in terms of portability in spite of having these features! Examples below.

Microsoft Authenticator, like most other authenticator apps, gives the option of cloud backup. But the caveats are these:

  1. You will have to create an account with the provider, sharing your email etc. which is too-much for me for this simple task.
  2. Worse, the backup is incompatible between OS's, i.e. if you had backed up your accounts from an iOS device, you will not be able to import them to Android and vice versa. Seriously, what is the point of backup then?

Google Authenticator is the only app I've come across that provides an option of exporting the accounts in the form of QR codes, but again... Houston, we have a problem! These QR codes can be imported (read) ONLY by the Google Authenticator app! This is what I meant when I used the term freely importable above.

Further, by having the option of exporting the accounts in the form of only QRs, and not in (password protected or not) text format that can be used later, we need both the old and the new devices together while doing the import (unless you care about taking screenshots of each QR).

This becomes problematic, e.g. if we lost our old phone, or we did not care to import the accounts into the new phone before getting rid of the old phone.

So, with both cloud backup and exporting features being useless with most of the apps anyway, it is Ok for FreeOTP to not have these at all! Especially when we are already using WinAuth on our laptop/PC that has all these features. With WinAuth, you can:

  1. Export all your accounts in text format (that can be password protected).
    You can save these in some safe location of your choice, and not worry about losing your phone, or moving over to a new OS.

  2. Export individual accounts in the form of QR codes that you can import in your mobile device (using FreeOTP) or any other app.

Read The Verdict for a final summary.

Advertisement

The Verdict

  1. Use WinAuth on your laptop/PC (or a similar app on Linux).
    With it, you can export your accounts both in the form of:
    1. text - for importing in future when needed, and
    2. QR codes - for immediate importing to another app (on your mobile device).

  2. Use FreeOTP on your mobile device.
    You may use other authenticator apps but they will not add any significant value as far as generating authentication codes is concerned.

For each new account you need to set up,

  1. first add it to WinAuth, and
  2. then use its QR export feature for adding this account to your mobile app.

Once in a while, remember to take backup of your accounts in WinAuth, preferably in the form of password protected .zip file, and save it to a cloud of your choice!

And then, you need not worry about setting up the accounts from scratch again in case you:

  1. lose your phone or laptop,
  2. get rid of old device before setting up the accounts on a new device,
  3. change mobile operating systems (Android to iOS or vice versa).

Should such a need arise:

  1. When moving to a new laptop/PC, get the WinAuth app and use the import feature to import from your previously exported .zip or text file.

  2. When moving to a new mobile device, get the FreeOTP app, and, in WinAuth, use the Show Security Key... menu option (by right clicking on each account), and then scan the QR code shown with the FreeOTP app.

Finally, if you liked these apps, do not forget to show your appreciation to their creators in the form of donation or whatever other way you like!

A Reason to Donate

The page has no or minimal advertisement. If you want to contribute towards keeping this website running, think about donating a small amount. This helps in reducing the number of ads as well. You can decide the amount on the payment page. Thanks!
Advertisement

Return to Coding and Development - Reference and Tools

Tell us what you think (select text for formatting, or click )