
Gauth: Google Authenticator (Time-Based Two-Factor Authentication)



Description

Equivalent of the mobile versions of Google Authenticator: https://itunes.apple.com/en/app/google-authenticator/id388497605?mt=8.

 

I personally use it on Gmail, Amazon AWS, GitHub, Evernote and Dropbox.

 

A bigger list is available on Wikipedia: http://en.wikipedia.org/wiki/Two-step_verification

 

There is also a PAM module project on GitHub: https://github.com/nlm/pam-google-authenticator

 


 

Non-exhaustive list of links for "secret" installation

Dependencies

  • Python>=2.7

 

System Modifications

Create a ~/.gauth file with your secrets, i.e.:

[google - bob@gmail.com]
secret = xxxxxxxxxxxxxxxxxx

[evernote - robert]
secret = yyyyyyyyyyyyyyyyyy

It's also possible to add credentials with "gauth add [account] [secret]" from Alfred.

 

Source Code: Github

 

Download Links

 

Screenshots

 


 

Acknowledgments

 

License

MIT

Edited by moul
Link to comment

If you are setting up 2-step verification on Google, I believe the default option will be to send the code to your phone (SMS).

After you set it up, Google will give you another option to "Get codes via our mobile app instead".

On that screen, if you click on "Switch to app", you'll see a popup panel: "Set up Google Authenticator" with instructions to scan a barcode.

Before you scan the barcode, if you want to see your "secret", click on the link "Can't scan the barcode?" and then the secret key will be displayed.

The Google secret key will look like: "abcd efgh ijkl mnop qwer tyui uiop ab3c"

 

Thanks for this. How do you find your "secret" for each site in the first place?

Link to comment

Thanks for the links, Moul. Works great! Thanks Gilberto for the google advice.

 

Anyone have an idea why I can type "gaut" and I get the workflow in Alfred, but once I finish typing "gauth" I only get web searches?

 

Most likely, you have broken entries in your ~/.gauth.

Link to comment

This is a great workflow and such a timesaver!

 

Question on the secret: if you're a current google authenticator user on your mobile device, how would you go ahead and get those secrets again without disconnecting?  Would you simply delete each previous entry and restart?

 

 

Link to comment

This is a great workflow and such a timesaver!

 

Question on the secret: if you're a current google authenticator user on your mobile device, how would you go ahead and get those secrets again without disconnecting?  Would you simply delete each previous entry and restart?

 

From what I know, it is not possible to get a secret from the mobile device.

I personally had to renew my secrets to be able to add them on both my phone and gauth.
Link to comment
  • 2 weeks later...
  • 6 months later...

This workflow is implemented really well but isn't the point of two-factor authentication to have two separate physical devices required to authenticate yourself? What's the point if both factors are on your computer (assuming the computer is what's being authenticated into, and not another device like a smartphone or tablet)?

Link to comment
  • 7 months later...
  • 2 weeks later...

This workflow is implemented really well but isn't the point of two-factor authentication to have two separate physical devices required to authenticate yourself? What's the point if both factors are on your computer (assuming the computer is what's being authenticated into, and not another device like a smartphone or tablet)?

 

Yeah, it does kinda defeat the purpose of 2fa if your computer is the machine you're logging in on. However, the same applies to using a 2fa app on your phone when logging in on your phone…

 

At any rate, I think the secrets should be in Keychain. It would improve the security somewhat versus storing them in plaintext.

Link to comment
  • 3 months later...

Recovery keys are a different thing. They're for when you don't have access to your 2-factor authentication app. They can only be used once.
 
When you activate 2-factor authentication, you typically scan a QR code. Most sites have an option next to/beneath the code to show the secret as text (a QR code is just encoded text). On Google it says "Can't scan the barcode?" You need to click that link.
 
Alternatively, you can use a QR scanner app to decode the QR code and copy the secret from there.
 
The important thing to remember is that if you've already set up 2-factor authentication, there's no way to see the QR code/secret again (unless you saved a copy somewhere—I keep a backup of my secrets in 1Password). You have to reset it and generate a new secret (i.e. re-add it to your 2-FA app).

 

All that said, I still think it's not a great idea to use this workflow because it stores the secrets as plain text. They should be stored in Keychain.

Edited by deanishe
Link to comment
  • 5 months later...

Hi deanishe,

 

Thanks for the reply. I have read the post again and again, but still no luck...

Would you mind telling me where the file is located in the OS?

 

Many thanks!

Create a ~/.gauth file with your secrets, i.e.:

[google - bob@gmail.com]
secret = xxxxxxxxxxxxxxxxxx

[evernote - robert]
secret = yyyyyyyyyyyyyyyyyy

The file is called .gauth and it's in your home folder. You can't see it in Finder, though, because it's invisible.

Link to comment
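
A check for the two problems raised in this thread, broken entries in ~/.gauth and secrets kept as readable plain text, as an added example that is not part of the workflow's source or of any post above. It parses the file layout from the first post, reports entries whose secret is missing or not valid base32, flags a file other users can access, and derives the code per RFC 6238 (assumed parameters: SHA-1, 30-second step, 6 digits); the function names and sample secrets are constructed for illustration.

```python
import base64, configparser, hashlib, hmac, os, stat, struct, time

# Constructed sample in the ~/.gauth layout from the first post; secrets are made up.
SAMPLE = """\
[google - bob@gmail.com]
secret = gezd gnbv gy3t qojq gezd gnbv gy3t qojq

[evernote - robert]
secret = not-base32!
[github - bob]
"""

def totp(secret, now=None, step=30, digits=6):
    """RFC 6238 code; accepts the spaced, lower-case form Google displays."""
    s = secret.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))  # raises binascii.Error if broken
    if not key:
        raise ValueError("empty secret")
    counter = int((time.time() if now is None else now) // step)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def audit(text, now=None):
    """Return ({account: code}, {account: reason}) for usable and broken entries."""
    cp = configparser.RawConfigParser()  # Raw: no '%' interpolation in secrets
    cp.read_string(text)
    good, broken = {}, {}
    for name in cp.sections():
        if not cp.has_option(name, "secret"):
            broken[name] = "no 'secret' key"
            continue
        try:
            good[name] = totp(cp.get(name, "secret"), now)
        except ValueError as exc:  # binascii.Error is a ValueError subclass
            broken[name] = "bad secret: %s" % exc
    return good, broken

def loose_mode(path):
    """True when group or other has any access to the file (anything beyond 0600)."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

if __name__ == "__main__":
    for name, reason in audit(SAMPLE)[1].items():
        print("BROKEN %s: %s" % (name, reason))
    path = os.path.expanduser("~/.gauth")
    if os.path.exists(path) and loose_mode(path):
        print("%s is accessible to other users; chmod 600 it" % path)
```

Restricting the file mode only keeps other local accounts out; anything running as the same user can still read the secrets, which is the gap the Keychain suggestion above addresses.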
