WinAuth is a portable, open-source Authenticator for Windows that can be used as a 2FA including Bitcoin / crypto-currency websites, any service that requires the Google Authenticator, and games such as World of Warcraft, Diablo III, Guild Wars 2, Rift, ArcheAge. WildStar, Runescape and Steam.
The project is open-source and hosted at https://github.com/winauth/winauth.
With the increase in websites and services supporting two-factor authorisation, WinAuth provides an alternative or backup solution to combine all your two-factor authenticator codes in one convenient place.
Latest Stable Download
WinAuth 3.1 is available from the download link below.
WinAuth 3.2 (in development)
The next version of WinAuth is being tested. This release includes the new Steam Guard Mobile Authenticator, integration with YubiKey to enhance your authenticator security, and support for counter-based HOTP.
Steam Guard Mobile Authenticator
WinAuth can be registered as a new mobile device to create a Steam authenticator and displays the appropriate 5 character codes.
Please read about the Steam Guard Mobile Authenticator for more information.
WinAuth can use a YubiKey to encrypt its data, ensuring your authenticators’ information cannot be read by anyone even when they have physical access to your computer.
A YubiKey Standard or NEO 2.2.x or later is required.
HOTP / Counter-based Authenticator
A HOTP authenticator can be Adding a normal “Authenticator” and either pasting in a counter-based KeyUri or choosing the counter option.
WinAuth 3.2 BETA is available from the downloads page.
Support for multiple Authenticator services
WinAuth supports any service or website that uses the Google Authenticator, Microsoft Authenticator or an RFC 6283 based authenticator. It also supports games such as World of Warcraft, Diablo III using Battle.net, GuildWars 2 and Rift.
WinAuth requires no installation and is a single executable file, and so can be run from a USB drive or stored and run from cloud files services such as DropBox, Google Drive, or SkyDrive.
If your configuration file (
winauth.xml, normally stored in your Windows roaming profile) is in the same folder as the WinAuth program, it will use that instead and switch into “portable” mode, not saving any other information to the computer.
Microsoft .NET Framework 4 is required.
An unlimited number of authenticators can be stored, each with their own personalised name and icon for quick reference. The WinAuth application can be sized as preferred or automatically displayed to fit.
Automatic or On-Demand
Each authenticator can be set to automatically display and refresh the current code or to only calculate and show the code when clicked.
Security and Encryption
All private authenticator data is encrypted with your own personal password, salted and enhanced with key strengthening to reduce the ability for brute force attacks. The data can also be protected using Windows in-built Data Protection API, which will “lock” the data to a single computer or account, making it completely unusable if copied to another computer.
Each authenticator can also additionally have its own secondary password that is required before any codes are decrypted, calculated and displayed.
Finally, all codes are drawn directly onto the screen to prevent any malware from “windows spying”.
Each authenticator can be assigned a hot-key to notify, display, clipboard copy or inject the current code into another application. An advanced injection script can also be created to automate username, password and code entry. Scripts are part of the private data and also fully encrypted along with the authenticator data.