gauth – Two Factor Authenticator for the CLI enthusiasts


Couple of days ago I’ve stumbled upon interesting tool that may save quite some time for tech-savvy – gauth, a two-factor-authentication CLI tool.

Wait, what is two-factor authentication?

Two-factor authentication (2FA) — also known as two-step verification or multifactor authentication — adds a layer of security to your online accounts, from Amazon, Apple and Google to Facebook, Instagram and Twitter as well as other, work-related systems. Instead of entering only your password to access an account, you need to enter your password — the first verification factor — and then a code sent via SMS or a prompt through an authentication app — the second factor. This means a hacker would need to steal both your password and your phone to break into your account.

Unfortunately, the sms method was found to be unsafe and pretty easy to crack down. Other tools such as Google Authenticator and Authy proved themselves as as market leaders but failed to provide CLI (Command Line Invocation) capabilities.

CLI for the masses

Gauth is a CLI alternative for the traditional multi-factor authentication providers. It enables tech enthusiasts to ease the way they’re using authentication and get the 2FA code directly from command line.

Installation is pretty easy. Just make sure you have your GO environment set up and run go get

To configure a service provider, create a new 2FA integration, and select the option to view the string representation of the QR code, F.E hret 3ij7 kaj4 2jzg. Paste the name of the service and the secret separated by semicolon to a configuration file, where each line represents a different integration:

$ mkdir ~/.config
$ echo My-Service:hret 3ij7 kaj4 2jzg > ~/.config/gauth.csv

Make sure to restrict access to the file: chmod 600 ~/.config/gauth.csv. In addition, it is highly recommended to encrypt the config file itself with:

$ openssl enc -aes-128-cbc -md sha256 -in gauth.csv -out ~/.config/gauth.csv
    enter aes-128-cbc encryption password:
    Verifying - enter aes-128-cbc encryption password:


There are several ways to harness the tool:

Basic scenario – print the 2FA code.

simply enter gauth in your favourite terminal. You’ll get the following output:

    Encryption password: *********
                  prev   curr   next
    My-Service   915200 479333 408710

Advance scenario – copy 2FA code to clipboard.

Create a function within you favourite shell RC file that parses the output and copies the code to clipboard. Replace my-service with the name of the service you chose & paste the following gist to ~/.bash_profile:

my-service() {
  $HOME/go/bin/gauth | grep my-service | awk '{print $4}' | pbcopy

Don’t forget to source your file source ~/.bash_profile
That’s its! Now you can simply paste your 2FA code 🙂

Leave a Reply