This project is based on work for the original Google Authenticator application for Google's Two-Factor Authentication scheme. That program was originally an applet for Android, iPhone, and Blackberry devices. THIS WORK USES THEIR PRINCIPLES AND PROCEDURES, BUT DOES NOT DIRECTLY DERIVE FROM THEIR CODE!
Forgive me for using their icon.
This is my Windows clone so that you don't need your phone to log into Google (or many others!) if you have Two-Factor Authentication enabled. That's right, this program works with Microsoft's APP-based two-factor log-in scheme as well (I'm using it myself).
In recent months, Microsoft has moved away from this method of Two-Factor. They now have their own "Accounts" app, in which users are presented with a "challenge" when attempting to log into their account. The webpage will ask "Please verify request: XXXXX", and the app will pop up a notification, "Requested access, code: XXXXX", and you Approve or Deny the request (assuming the codes match). The exact verbiage may vary from this example. This is similar to the Twitter model, where you have to have the official app installed, and the app will prompt the user in a similar fashion to allow the login to the webpage.
The program can also produce barcodes similar to the ones that Google produces once the account information has been entered. This is good for putting the account info into your phone. AND the program can READ BARCODES SAVED TO FILES! So if you screen-cap the barcode into a file from Google when you set your account up, you can then use that file (one barcode per file) to enter the account info into this program, eliminating human error on data entry. This app can store a (reasonably) limitless number of accounts, so ALL of your Google, Microsoft, DropBox (NEW) and many other accounts can live in the same app. The accounts are stored encrypted for added safety. The master password has complexity requirements to prevent lazy and weak passwords.
NOTE: This does not store or use your actual Google/Microsoft/DropBox/Other Service passwords or usernames; this ONLY calculates the time-based OTPs used during log-in when you have Two-Factor Authentication enabled.
April 10, 2014
FIXED: Base32 handler was not parsing strings missing '=' padding (too short) causing internal byte arrays to be too long. Replaced.
This fix makes this program compatible with DropBox! TESTED!
Non-breaking change. Recommended update for all users using the new Accounts.xml version as of November '13. Export accounts and re-import if using Accounts.xml version before November '13.
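The padding fix described in this entry, as an added Python sketch (not this project's .NET code): a Base32 decoder that accepts secrets with or without trailing '=', feeding the RFC 6238 time-based OTP calculation. The function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

def b32decode_lenient(secret: str) -> bytes:
    """Decode Base32 with or without '=' padding, spaces, or lowercase."""
    text = secret.replace(" ", "").upper().rstrip("=")
    # Only these tail lengths cannot map to whole bytes (RFC 4648).
    if len(text) % 8 in (1, 3, 6):
        raise ValueError("truncated Base32 secret")
    bits, nbits, out = 0, 0, bytearray()
    for ch in text:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid Base32 character: {ch!r}")
        bits = (bits << 5) | idx
        nbits += 5
        if nbits >= 8:
            nbits -= 8
            out.append((bits >> nbits) & 0xFF)
            bits &= (1 << nbits) - 1
    # Leftover bits (< 8) are encoding slack, not key material: drop them
    # so the key is exactly floor(len * 5 / 8) bytes, never longer.
    return bytes(out)

def totp(secret: str, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 with RFC 4226 dynamic truncation."""
    key = b32decode_lenient(secret)
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

# Constructed sample: a 16-byte key encodes to 26 characters plus 6 '='.
PADDED = base64.b32encode(b"constructed-key!").decode()
UNPADDED = PADDED.rstrip("=")

if __name__ == "__main__":
    # Both forms must yield the same 16-byte key and the same code.
    print(len(b32decode_lenient(UNPADDED)), totp(UNPADDED, 59), totp(PADDED, 59))
```

A decoder that sizes its output from the padded length, or rejects the unpadded form, produces a different HMAC key and therefore codes the service will never accept.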
November 15, 2013
Better handling of dirty accounts to prevent needless updating of the Accounts.xml file after every use when nothing has changed. This reduces problems with cloud services (such as DropBox), and reduces exposure to the encrypted data (for reference, see "known plaintext attacks" and "never encrypt different data with the same key/iv/salt").
Also added stability to functions to reduce internal exception throwing.
NOTE: NEW ENCRYPTION METHOD USED! BACKUP ACCOUNTS FIRST UNENCRYPTED, THEN RE-IMPORT LATER!
August 20, 2013
This is an overhaul! It behaves better in many respects, although there are a few small issues (listed below). This upgrade allows you (for once!) to import the older file version of account data (from the September 2012 release).
: XML Capabilities (Storage/Import/Export), Standard Menu Layout, Better pass-phrase handling, ZXing Barcode library support, Window can now be set to not be on top!
: Some small bugs, better memory handling over long run times (leaving the program open in the background), Editing name causes list to get out of sync
: Accounts.Dat file is no longer the main file, BUT you can import the Accounts.Dat file from the menu options (I'm not leaving you stranded!), Buttons removed in favor of menu commands on main window
: Window state, position, and Always On Top options not persisted (yet, that's coming)
ZXing DLL is included and is direct from their CodePlex project. MessagingToolKit DLL no longer required!
September 28, 2012
Added: Key displayed on DisplayBarcode form to allow for direct entry into Authenticator App on your phone or other device. This is nice for phones or devices with no camera. The Google Authenticator team added the direct key entry field in the app; this update to my program reflects that additional capability.
Added: I'm including the barcode DLL in the downloadable zip for the sake of the sanity of the end users. The TWIT88 site has changed enough that I can't seem to find it to direct link to it anymore.
February 22, 2012
Fixed-version release that is a drop-in replacement for the Sep 2nd release, but NOT for any older releases. When in doubt, manually back up your account data via screen-capping the barcodes.
September 2, 2011
A recent breaking change was made to the SkeinLib DLL to move it to 64-bit operation. This change has prompted me to REMOVE THE DLL REFERENCE. You will no longer need SkeinLib for this program. HOWEVER, THIS IS ALSO A BREAKING CHANGE FOR HOW ACCOUNTS ARE STORED! BACKUP YOUR ACCOUNTS BEFORE UPDATING TO THE LATEST VERSION. Use the barcode feature and screen cap the codes for each account individually, then delete the Accounts.dat file before updating to the new version.
Release for .NET 4
Network folders (or redirected folders residing on the network) are not supported. They cause ArgumentExceptions for the file handling routines. If you must use a network folder, map it to a drive letter.
Special thanks to
Hemant Jangid for his Code Project article and code for Base32 encoding/decoding
"Shane", whoever you are, at StackExchange for answering "trampster"'s question with a very flexible code sample; to the Google dev team for the original Authenticator program; and to the team that ported the ZXing Java library to .NET.