Get two-factor authentication on the desktop with Authy

A new app lets you generate two-factor authentication codes on your desktop PC. Here's how it works.

One of the best security precautions you can take to protect your online accounts is to enable two-factor authentication on any service that supports it. This requires you to enter a short, one-time code to access your online accounts after you've entered your password.

Usually these codes are sent by text or email message, or generated by a smartphone app such as Google Authenticator. But a new service called Authy recently launched an app that lets you get two-factor codes on your desktop PC--a handy capability, and doubly so if you don't always carry a smartphone on you.

Getting started with Authy

Authy for the desktop is a Chrome-based app that you download from the Chrome Web Store. While Authy's desktop app uses Chrome as its basic infrastructure, the program operates separately from the Chrome browser and looks and feels similar to a desktop app.

Here's how it works.

Download Authy from the Chrome Web Store. When you first start-up the app, you'll be asked to enter an email address and your mobile phone number. Authy will then send you an SMS message to confirm your identity.

Once that's done, it's time to start adding accounts to Authy. In our example, we'll use Facebook.

Two-factor authentication requires a shared secret between the authenticator app (Authy in this case) and the server (Facebook in this example). This secret is usually shared from the server to the authenticator app using a QR code, but Authy on the desktop can't scan a QR code like a smartphone can. Instead, you'll have to enter a special code--usually found right underneath the QR code--to add an account to Authy on the desktop.

Login to Facebook on your PC and go to Settings > Security > Code Generator > Edit and then click on "Set up another way to get security codes." You'll be asked to enter your password again and a small pop-up window will open, containing a QR code and a secret key.

Copy the secret key and leave that pop-up window open. Now go back to Authy and click the 'Add Authenticator Account' link at the bottom of Authy's settings screen.

Next, paste the code you copied from Facebook into Authy's entry box and press Add Account. Finally, you'll be asked to name the account and choose an icon for it (I went the straightforward route, calling it Facebook and choosing the Facebook icon).

Next, click Done and that's it!

Ensuring it works

To test out Authy, close the settings window and you'll see a new window with a list of your connected accounts. Click on Facebook and you'll see a short code. Click the Copy button underneath the code, go back to Facebook and paste the code into the Security code box in the QR code window.

If Facebook tells you the code worked, then you're all set for logging into Facebook using Authy on the desktop.

Most services that offer two-factor authentication support use a similar system to generate security codes, though the exact method will vary by service. Try digging in the security settings of other services first.

Be warned: Many online accounts don't like it when you use more than one authenticator method for two-factor authentication, so you may have to dump text/email authentication and start using Authy exclusively on your smartphone and PC if you want to use the service for all your accounts. (Authy can sync your two-factor authentication codes across its PC and smartphone apps to make things easier.)

Join the CSO newsletter!

Error: Please check your email address.

Tags Googlesecurityauthenticationsecurity softwareFacebook

More about FacebookGoogleQR

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ian Paul

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts