moul Posted March 13, 2014 Share Posted March 13, 2014 (edited) Description Equivalent of the mobile versions of Google Authenticator: https://itunes.apple.com/en/app/google-authenticator/id388497605?mt=8. I personally use it on Gmail, Amazon AWS, Github, Evernote and Dropbox A bigger list is available on Wikipedia: http://en.wikipedia.org/wiki/Two-step_verification There is also a Pam module project on Github: https://github.com/nlm/pam-google-authenticator Non-exhaustive list of links for "secret" installation Google: http://www.google.com/landing/2step/ Dropbox: https://www.dropbox.com/help/363/en Evernote: http://blog.evernote.com/blog/2013/05/30/evernotes-three-new-security-features/ Github: https://github.com/blog/1614-two-factor-authentication Amazon AWS: http://aws.amazon.com/iam/details/mfa/ Facebook: https://www.facebook.com/settings?tab=security Dependencies Python>=2.7 System Modifications Create a ~/.gauth file with your secrets, ie: [google - bob@gmail.com] secret = xxxxxxxxxxxxxxxxxx [evernote - robert] secret = yyyyyyyyyyyyyyyyyy It's also possible to add credentials with "gauth add [account] [secret]" from Alfred Source Code: Github https://github.com/moul/alfred-workflow-gauth Download Links Packal: http://www.packal.org/workflow/gauth-google-authenticator Direct link: https://github.com/packal/repository/raw/master/com.alfredapp.moul.gauth/google_authenticator.alfredworkflow Screenshots Acknowledgments Original alarm clock iconAlex Auda Samora from The Noun Project Licensed under Creative Commons Attribution Status & signs iconsHereldar Terkenya Licensed under a Creative Commons Attribution-Share Alike 3.0 License Original source codeManfred Touron Serial contributorGilberto Olimpio License MIT Edited September 2, 2014 by moul aik099, vdesabou and moul 3 Link to comment
paulw Posted March 13, 2014 Share Posted March 13, 2014 Thanks for this. How do you find your "secret" for each site in the first place? Link to comment
paulelms Posted March 13, 2014 Share Posted March 13, 2014 Best workflow for the last time, thanks! Link to comment
moul Posted March 13, 2014 Author Share Posted March 13, 2014 Thanks for this. How do you find your "secret" for each site in the first place? I added some links in the original post for Google, Dropbox, Amazon AWS, Github, Facebook and Evernote paulw 1 Link to comment
golimpio Posted March 13, 2014 Share Posted March 13, 2014 If you are setting a 2-step verification on Google, I believe the default option will be to send the code to your phone (SMS). After you setup it, Google will give you another option to "Get codes via our mobile app instead". On that screen, if you click on "Switch to app", you'll see a popup panel: "Set up Google Authenticator" with instructions to scan a barcode. Before you scan the bar code, if you want to see your "secret", click on the link: "Can't scan the barcode?" and than the secret key will be displayed. The google secret key will look like: "abcd efgh ijkl mnop qwer tyui uiop ab3c" Thanks for this. How do you find your "secret" for each site in the first place? paulw 1 Link to comment
paulw Posted March 14, 2014 Share Posted March 14, 2014 Thanks for the links, Moul. Works great! Thanks Gilberto for the google advice. Anyone have an idea why I can type "gaut" and I get the workflow in Alfred, but once I finish typing "gauth" I only get web searches? Link to comment
paulelms Posted March 14, 2014 Share Posted March 14, 2014 Thanks for the links, Moul. Works great! Thanks Gilberto for the google advice. Anyone have an idea why I can type "gaut" and I get the workflow in Alfred, but once I finish typing "gauth" I only get web searches? Most likely, you have broken entries in your ~/.gauth Link to comment
moul Posted March 14, 2014 Author Share Posted March 14, 2014 Most likely, you have broken entries in your ~/.gauth Yes, just added some Syntax Error checks on version 1.5.0, thanks ! Link to comment
moul Posted March 19, 2014 Author Share Posted March 19, 2014 Thanks to Gilberto, it's easier to add secrets now You can add secrets by typing from Alfred: gauth add [account] [secret] Link to comment
klitt Posted March 19, 2014 Share Posted March 19, 2014 This is a great workflow and such a timesaver! Question on the secret: if you're a current google authenticator user on your mobile device, how would you go ahead and get those secrets again without disconnecting? Would you simply delete each previous entry and restart? Link to comment
moul Posted March 20, 2014 Author Share Posted March 20, 2014 This is a great workflow and such a timesaver! Question on the secret: if you're a current google authenticator user on your mobile device, how would you go ahead and get those secrets again without disconnecting? Would you simply delete each previous entry and restart? From what I know, it is not possible to get a secret from the mobile device I personally had to renew my secrets to be able to add them on both my phone and gauth Link to comment
paulw Posted March 21, 2014 Share Posted March 21, 2014 From what I know, it is not possible to get a secret from the mobile device I personally had to renew my secrets to be able to add them on both my phone and gauth Yep, same here. Link to comment
Trauni Posted March 21, 2014 Share Posted March 21, 2014 (edited) Hey is it possible to use this also for battle.net? Edited March 21, 2014 by Trauni Link to comment
moul Posted March 21, 2014 Author Share Posted March 21, 2014 Hey is it possible to use this also for battle.net? Not the same mechanism (for now) Link to comment
cjs226 Posted March 29, 2014 Share Posted March 29, 2014 Thank you for this, very cool! Link to comment
Sinsear Posted April 6, 2014 Share Posted April 6, 2014 The greatest workflow ever. moul 1 Link to comment
Pennyworth Posted October 7, 2014 Share Posted October 7, 2014 This workflow is implemented really well but isn't the point of two-factor authentication to have two separate physical devices required to authenticate yourself? What's the point if both factors are on your computer (assuming the computer is what's being authenticated into, and not another device like a smartphone or tablet)? deanishe 1 Link to comment
tommydenton Posted May 18, 2015 Share Posted May 18, 2015 Howdy.. if I might get some help with setting up github. I have the workflow installed, I have an API token, but I for the life of me cannot get the config correct. I have 2fa running on github, facebook, evernote, gmail are all working well. I have tried: [github - thomas@something.com] [github - thomassomething] [github - thomassomething https://api.github.com/user] secret=token Link to comment
deanishe Posted May 31, 2015 Share Posted May 31, 2015 This workflow is implemented really well but isn't the point of two-factor authentication to have two separate physical devices required to authenticate yourself? What's the point if both factors are on your computer (assuming the computer is what's being authenticated into, and not another device like a smartphone or tablet)? Yeah, it does kinda defeat the purpose of 2fa if your computer is the machine you're logging in on. However, the same applies to using a 2fa app on your phone when logging in on your phone… At any rate, I think the secrets should be in Keychain. It would improve the security somewhat versus storing them in plaintext. Link to comment
zaidcrowe Posted September 23, 2015 Share Posted September 23, 2015 Hi All - this looks awesome! I'm struggling with what and where these 'secrets' are - I've followed the links provided, the closest thing I've found are recovery keys, is that the current term? Thanks! Link to comment
deanishe Posted September 25, 2015 Share Posted September 25, 2015 (edited) Recovery keys are a different thing. They're for when you don't have access to your 2-factor authentication app. They can only be used once. When you activate 2-factor authentication, you typically scan a QR code. Most sites have an option next to/beneath the code to show the secret as text (a QR code is just encoded text). On Google it says "Can't scan the barcode?" You need to click that link. Alternatively, you can use a QR scanner app to decode the QR code and copy the secret from there. The important thing to remember is that if you've already set up 2-factor authentication, there's no way to see the QR code/secret again (unless you saved a copy somewhere—I keep a backup of my secrets in 1Password). You have to reset it and generate a new secret (i.e. re-add it to your 2-FA app). All that said, I still think it's not a great idea to use this workflow because it stores the secrets as plain text. They should be stored in Keychain. Edited September 25, 2015 by deanishe Link to comment
west33 Posted March 18, 2016 Share Posted March 18, 2016 Thanks for providing such an awesome workflow! Does anyone know how do I delete or edit a secret that already exist? What is the location of the secret list file? Any comments will be much appreciated. Link to comment
deanishe Posted March 21, 2016 Share Posted March 21, 2016 It says where the file is in the OP. Link to comment
west33 Posted March 23, 2016 Share Posted March 23, 2016 (edited) It says where the file is in the OP. Hi deanishe, Thanks for the reply. I have read the post all over again and again, still got no luck... Would you mind telling me where the file locate in the OS? Many thanks! Edited March 23, 2016 by west33 Link to comment
deanishe Posted March 23, 2016 Share Posted March 23, 2016 Hi deanishe, Thanks for the reply. I have read the post all over again and again, still got no luck... Would you mind telling me where the file locate in the OS? Many thanks! Create a ~/.gauth file with your secrets, ie: [google - bob@gmail.com] secret = xxxxxxxxxxxxxxxxxx [evernote - robert] secret = yyyyyyyyyyyyyyyyyy The file is called .gauth and it's in your home folder. You can't see it in Finder, though, because it's invisible. Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now