WinAuth is a portable, open-source Authenticator for Windows that can be used as a 2FA including Bitcoin / crypto-currency websites, any service that requires the Google Authenticator, and games such as World of Warcraft, Diablo III, Guild Wars 2, Rift, ArcheAge. WildStar and Runescape.

The source code is hosted using GitHub at

(It was previous hosted using Google Code at but moved following the announcement that Google code is being shut down)


With the increase in websites and services supporting two-factor authorisation,  WinAuth provides an alternative or backup solution to combine all your two-factor authenticator codes in one convenient place.


Glyph Authenticator

Trion Worlds, developers of Rift and ArcheAge, as part of their Glyph gaming platform have recently changed their mobile authenticator to use 6 digits instead of the previous 8 digits. WinAuth is still compatible and the first 6 digits of an existing code can be used to login to your account. For example, if your code is shown as 1234-5678, you should just enter 123456.

Please update to the latest version of WinAuth (3.1.8) that will show the 6 digit code for all Glyph authenticators.


WinAuth 3.1 has now been released and is available from the download link below.



Support for multiple Authenticator services

WinAuth supports any service or website that uses the Google Authenticator, Microsoft Authenticator or an RFC 6283 based authenticator. It also supports games such as World of Warcraft, Diablo III using, GuildWars 2 and Rift.


WinAuth requires no installation and is a single executable file, and so can be run from a USB drive or stored and run from cloud files services such as DropBox, Google Drive, or SkyDrive.

If your configuration file (winauth.xml, normally stored in your Windows roaming profile) is in the same folder as the WinAuth program, it will use that instead and switch into “portable” mode, not saving any other information to the computer.

Microsoft .NET Framework 4 is required.

Multiple Authenticators

An unlimited number of authenticators can be stored, each with their own personalised name and icon for quick reference. The WinAuth application can be sized as preferred or automatically displayed to fit.

Automatic or On-Demand

Each authenticator can be set to automatically display and refresh the current code or to only calculate and show the code when clicked.

Security and Encryption

All private authenticator data is encrypted with your own personal password, salted and enhanced with key strengthening to reduce the ability for brute force attacks. The data can also be protected using Windows in-built Data Protection API, which will “lock” the data to a single computer or account, making it completely unusable if copied to another computer.

Each authenticator can also additionally have its own secondary password that is required before any codes are decrypted, calculated and displayed.

Finally, all codes are drawn directly onto the screen to prevent any malware from “windows spying”.


Each authenticator can be assigned a hot-key to notify, display, clipboard copy or inject the current code into another application. An advanced injection script can also be created to automate username, password and code entry. Scripts are part of the private data and also fully encrypted along with the authenticator data.