moul

Gauth: Google Authenticator (Time-Based Two-Factor Authentication)


Description

Equivalent of the mobile versions of Google Authenticator: https://itunes.apple.com/en/app/google-authenticator/id388497605?mt=8.

 

I personally use it on Gmail, Amazon AWS, GitHub, Evernote and Dropbox.

 

A bigger list is available on Wikipedia: http://en.wikipedia.org/wiki/Two-step_verification

 

There is also a PAM module project on GitHub: https://github.com/nlm/pam-google-authenticator

 


 

Non-exhaustive list of links for "secret" installation

Dependencies

  • Python>=2.7

 

System Modifications

Create a ~/.gauth file with your secrets, i.e.:

[google - bob@gmail.com]
secret = xxxxxxxxxxxxxxxxxx

[evernote - robert]
secret = yyyyyyyyyyyyyyyyyy

It's also possible to add credentials with "gauth add [account] [secret]" from Alfred

 

Source Code: Github

 

Download Links

 


 

Acknowledgments

 

License

MIT

Edited by moul

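Added example, not part of the original post and not the workflow's own code: Python 3 code that reads a file in the ~/.gauth layout shown above, normalises each secret (Google displays it lowercase and space-separated), computes the RFC 6238 code, and reports a broken entry instead of failing outright. The function names, the sample file and the permission check on the plaintext file are assumptions of this example; HMAC-SHA1, 30-second steps and 6 digits are the Google Authenticator defaults.

```python
import base64, configparser, hashlib, hmac, os, stat, struct, tempfile

# Constructed sample in the ~/.gauth layout; the first secret is the RFC 6238 test key.
SAMPLE = """[google - bob@example.com]
secret = gezd gnbv gy3t qojq gezd gnbv gy3t qojq
[evernote - robert]
secret = not-a-base32-secret!
"""

def normalize_secret(raw):
    """Turn a displayed secret into key bytes; raises ValueError if malformed."""
    s = raw.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))

def totp(key, now, step=30, digits=6):
    """RFC 6238 TOTP over HMAC-SHA1."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def load_codes(path, now):
    """Return ({account: code}, [problems]) without aborting on a bad entry."""
    problems = []
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("file is accessible to group/other; use mode 600")
    cfg = configparser.ConfigParser(interpolation=None)
    try:
        cfg.read(path)
    except configparser.Error as exc:
        return {}, problems + ["syntax error: %s" % exc]
    codes = {}
    for account in cfg.sections():
        try:
            codes[account] = totp(normalize_secret(cfg.get(account, "secret")), now)
        except (configparser.Error, ValueError) as exc:
            problems.append("%s: %s" % (account, exc))
    return codes, problems

def demo(now=59, mode=0o600):  # writes SAMPLE to a temp file and evaluates it
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(SAMPLE)
        os.chmod(path, mode)
        return load_codes(path, now)
    finally:
        os.remove(path)
```

Calling demo() returns the code for the valid entry plus one problem line for the malformed one; demo(mode=0o644) additionally flags the file permissions.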

Thanks for this. How do you find your "secret" for each site in the first place?

I added some links in the original post for Google, Dropbox, Amazon AWS, Github, Facebook and Evernote


If you are setting up 2-step verification on Google, I believe the default option will be to send the code to your phone (SMS).

After you set it up, Google will give you another option to "Get codes via our mobile app instead".

On that screen, if you click on "Switch to app", you'll see a popup panel: "Set up Google Authenticator" with instructions to scan a barcode.

Before you scan the barcode, if you want to see your "secret", click on the link: "Can't scan the barcode?" and then the secret key will be displayed.

The Google secret key will look like: "abcd efgh ijkl mnop qwer tyui uiop ab3c"

 

Thanks for this. How do you find your "secret" for each site in the first place?


Thanks for the links, Moul. Works great! Thanks Gilberto for the google advice.

 

Anyone have an idea why I can type "gaut" and I get the workflow in Alfred, but once I finish typing "gauth" I only get web searches?


Thanks for the links, Moul. Works great! Thanks Gilberto for the google advice.

 

Anyone have an idea why I can type "gaut" and I get the workflow in Alfred, but once I finish typing "gauth" I only get web searches?

 

Most likely, you have broken entries in your ~/.gauth


Most likely, you have broken entries in your ~/.gauth

 

Yes, just added some Syntax Error checks on version 1.5.0, thanks !


Thanks to Gilberto, it's easier to add secrets now

 

You can add secrets by typing from Alfred: gauth add [account] [secret]


This is a great workflow and such a timesaver!

 

Question on the secret: if you're a current google authenticator user on your mobile device, how would you go ahead and get those secrets again without disconnecting?  Would you simply delete each previous entry and restart?

 

 


This is a great workflow and such a timesaver!

 

Question on the secret: if you're a current google authenticator user on your mobile device, how would you go ahead and get those secrets again without disconnecting?  Would you simply delete each previous entry and restart?

 

From what I know, it is not possible to get a secret from the mobile device
 
I personally had to renew my secrets to be able to add them on both my phone and gauth


 

From what I know, it is not possible to get a secret from the mobile device
 
I personally had to renew my secrets to be able to add them on both my phone and gauth

 

Yep, same here.


Hey is it possible to use this also for battle.net?

Not the same mechanism (for now)


This workflow is implemented really well but isn't the point of two-factor authentication to have two separate physical devices required to authenticate yourself? What's the point if both factors are on your computer (assuming the computer is what's being authenticated into, and not another device like a smartphone or tablet)?


Howdy.. if I might get some help with setting up github.  I have the workflow installed, I have an API token, but I for the life of me cannot get the config correct.  I have 2fa running on github, facebook, evernote, gmail are all working well. I have tried:

 

[github - thomas@something.com]

[github - thomassomething]

[github - thomassomething https://api.github.com/user]

secret=token


This workflow is implemented really well but isn't the point of two-factor authentication to have two separate physical devices required to authenticate yourself? What's the point if both factors are on your computer (assuming the computer is what's being authenticated into, and not another device like a smartphone or tablet)?

 

Yeah, it does kinda defeat the purpose of 2fa if your computer is the machine you're logging in on. However, the same applies to using a 2fa app on your phone when logging in on your phone…

 

At any rate, I think the secrets should be in Keychain. It would improve the security somewhat versus storing them in plaintext.


Hi All - this looks awesome!

 

I'm struggling with what and where these 'secrets' are - I've followed the links provided, the closest thing I've found are recovery keys, is that the current term?

 

Thanks!


Recovery keys are a different thing. They're for when you don't have access to your 2-factor authentication app. They can only be used once.
 
When you activate 2-factor authentication, you typically scan a QR code. Most sites have an option next to/beneath the code to show the secret as text (a QR code is just encoded text). On Google it says "Can't scan the barcode?" You need to click that link.
 
Alternatively, you can use a QR scanner app to decode the QR code and copy the secret from there.
 
The important thing to remember is that if you've already set up 2-factor authentication, there's no way to see the QR code/secret again (unless you saved a copy somewhere—I keep a backup of my secrets in 1Password). You have to reset it and generate a new secret (i.e. re-add it to your 2-FA app).

 

All that said, I still think it's not a great idea to use this workflow because it stores the secrets as plain text. They should be stored in Keychain.

Edited by deanishe


Thanks for providing such an awesome workflow!

 

Does anyone know how I can delete or edit a secret that already exists?

What is the location of the secret list file?

 

Any comments will be much appreciated.


It says where the file is in the OP.

 

 

Hi deanishe,

 

Thanks for the reply. I have read the post over and over again, and still had no luck...

Would you mind telling me where the file is located in the OS?

 

Many thanks!

Edited by west33


Hi deanishe,

 

Thanks for the reply. I have read the post over and over again, and still had no luck...

Would you mind telling me where the file is located in the OS?

 

Many thanks!

Create a ~/.gauth file with your secrets, ie:

[google - bob@gmail.com]
secret = xxxxxxxxxxxxxxxxxx

[evernote - robert]
secret = yyyyyyyyyyyyyyyyyy

The file is called .gauth and it's in your home folder. You can't see it in Finder, though, because it's invisible.
