One of the most annoying things when I use exchanges is entering 2FA codes. When I only used couple of exchanges it wasn’t too bad. But when my 2FA codes grew to more than 20, it was really frustrating to find the right code from the list of codes. The list grew to more than 30 now. I’ve changed from Google Authenticator to Matt Rubin’s Authenticator( because it provides search functionality. I’m not sure if he uploaded it, but you can search and download it from AppStore.

But do you really need to enter the 6 digits manually? 2 factor authentication is for checking if you have the device, not to check how you can find the code and manually type the 6 digits accurately when the clock is ticking. So, why not use push messaging to make it simpler? I found “Push Authenticator” for Android, but it didn’t work for me. I don’t think it’s being maintained now. LastPass Authenticator only supports few sites like Google and Facebook. It doesn’t support any exchanges.

So I’m developing an authenticator app. Both for iOS and Android. You’ll have to install a Chrome Extension and pair it with your app. Then you’ll be able to request codes from the website. Push messages is received on your device, and you can approve from the app to transmit the code to the Chrome Extension. Chrome Extension pastes the code and you’re logged in. No searching for codes, no manual typing. Messages between Chrome Extension and apps are encrypted end-to-end.

Here is a YouTube video of how it works both on Android and iOS:

I’m looking for beta testers! The app is still being actively developed. I’m more focused on the iOS version and Chrome Extension(adding more supported sites). You can contact me at [email protected] or by comments. Please share which device you are on, and which exchanges or sites you mainly use. Beta should be ready in two weeks for iOS.  Android version will follow.

How much will you pay for the app? Will you pay if it’s a subscription service? I’m still thinking about monetizing strategies. The service is comprised of servers and someone has to also maintain the supported sites.

Please give any feedback. Thank you.

13 votes, average: 5.00 out of 513 votes, average: 5.00 out of 513 votes, average: 5.00 out of 513 votes, average: 5.00 out of 513 votes, average: 5.00 out of 5 (13 votes, average: 5.00 out of 5)
You need to be a registered member to rate this.
(2006 total tokens earned)


    1. mix1009 Post author

      Do you mean the source code for the plugin? Or you want to see the 2FA code to be sent? 2FA code is generated when you press the approve button. It changes every 30 seconds. If it’s automatic login, you won’t care what the 6 digits are. For unsupported sites, the 2FA code will be presented so you can paste the code inside the 2FA input box.

      1. peter S

        I just want to make sure this is not a backdoor to hijack login data. I know what 2FA is and have requested a search option repeatedly at Google, or at least a better font to read the names of the different sites but it has not reached thier priority list. You may be perfectly legit person but I don’t know you and I have no certainty what your plugins do besides presenting the 6 digit code. This is a sensitive area, you understand. So before I enlist for a beta test, I just want to know some more details. If it works as promised, I would love the tool

        1. mix1009 Post author

          Sure, Chrome extensions can be evil. Chrome extensions are JavaScript. So you can check the source code. It will only see url of the current tab and request code from the app when user clicks the “request button”. Then mobile app matches the 2fa code and sends the 6 digits when you approve it. The chrome extension receives the 6 digits and pastes the code to the input field for supported sites. The chrome extension does not look at your id or passwords. For unsupported sites, the extension will show the 6 digits or copy it in to the clipboard. There is a server component thats passes messages between chrome extension and mobile app. Messages (url and digits) are encrypted end-to-end so the server does not see sensitive information.