Google, Dropbox, LastPass, Battle.net, Guild Wars 2 – all these services and more offer two-factor authentication apps that work on smartphones. If you don’t have a supported device, you can run an alternative application on your computer.
When you log in, you’ll need to enter a time-based code from the app. Two-factor authentication prevents people who know your password – but don’t have the app and its security key – from logging in.
Using a two-factor authentication app on your computer is less secure than using one on a separate device. Someone with access to your computer could access your security key and log into your account – however, if you don’t have a smartphone, iPod touch, or other mobile device, using an app on your computer is more secure than not using two-factor authentication at all. It’s also likely that most stolen passwords are acquired via keyloggers and other types of software that won’t try to steal the security key from your computer.
None of these apps are officially supported by the services they’re for. However, the two-factor authentication algorithm that Google Authenticator uses is an open standard that these apps have implemented. In the case of WinAuth, the developers have implemented the same algorithm used by Blizzard’s Battle.net Authenticator.
Google, Dropbox, LastPass, & More
Google makes Google Authenticator, which implements a standard time-based one-time password (TOTP) algorithm. Other services, including Dropbox, LastPass, Guild Wars 2, DreamHost, and Amazon Web Services, have used Google Authenticator instead of implementing their own apps from scratch. You can even use Google Authenticator’s PAM module to secure your SSH sessions on Linux.
While Google only produces official Authenticator apps for Android, iOS, and BlackBerry, other developers have created implementations of Google Authenticator that run on desktop PCs.
If you’re a Chrome user, you can use GAuth Authenticator, which implements Google Authenticator as a Chrome extension. The extension stores your secret key locally and generates time-based codes you’ll need to log in, just as the official mobile apps do.
You can also use gauth4win, an implementation of Google Authenticator for Windows. After installation, launch GoogleAuth from your Start menu. If you see an error message after launching it, click Continue to launch the application anyway. It will appear in your system tray. Right-click it and use the option to enter your key. After you do, you can right-click the system tray icon and select Copy to copy the current time-based authentication code to your clipboard.
To add your security keys to any of these applications and secure your accounts, go through the standard process for enabling two-factor authentication on Google, securing LastPass with two-factor authentication, or activating two-factor authentication on any other service. Instead of entering the key into a mobile app during the setup process, enter it into the application on your computer.
Battle.net & Guild Wars 2
Blizzard’s Battle.net service uses a different two-factor authentication implementation – Blizzard offers their own mobile app instead of using Google Authenticator. Blizzard’s Battle.net Authenticator secures the Battle.net accounts used for World of Warcraft, Diablo III, and Starcraft II.
You can’t use the above apps for Battle.net, so you’ll need to use another app. WinAuth is an open-source Windows authenticator for Battle.net and Guild Wars 2 (although you can also use the above apps with Guild Wars 2). It also allows you to encrypt your security key file so that malicious programs can’t easily access it without your permission.
Download the WinAuth app and it will walk you through using it with your Battle.net or Guild Wars 2 account.
If You’re Away From Your Computer
Mobile apps are particularly useful because they run on a phone that you probably always have with you. If you’re away from your computer and need to log into one of your accounts, you won’t be able to do so without disabling two-factor authentication.
For most services, you can disable two-factor authentication as long as you have access to your email account – click a link in an email sent to you and you can log in without any special codes.
If you used one of these apps to secure your Google account and you can’t log into Gmail, this can be a problem. Google provides several ways of logging in if you don’t have a security code – you can have a security code sent by SMS to the cell phone number you provided on the two-factor authentication setup page. If you don’t have access to your mobile phone, you can enter one of the recovery codes you can print out from the two-factor authentication setup page. Each code is only valid once. Ensure you print out these codes and keep them somewhere safe – like your wallet – in case you ever lose access to your security keys and need to log in.
Some services may also offer physical two-factor authentication tokens, such as Blizzard’s Battle.net Authenticator device. You may also find unofficial authenticator apps for other platforms, such as Authenticator for Windows Phone.