MOS Authenticator FAQ
Maximum Output Software
Maximum Output Software

Frequently Asked Questions

Q: Can I trust MOS Authenticator with my data?

A: Maximum Output Software has gone to great lengths to ensure that your data is safe.  The secret keys used by Authenticator could be very valuable should they fall into the wrong hands, so MOS has implemented high-grade AES encryption security to protect your data.

Your data is only stored on your local PC (encrypted, of course) and is never uploaded to the Internet in any form.

Q: How can I retrieve the secret key associated with a site from MOS Authenticator?

A: This capability was intentionally omitted from the application.  This prevents anyone who may have access to your computer (locally or remotely) from obtaining your secret keys and impersonating you without your consent.

If you have lost all other copies of your secret key, you will need to contact the web site that issued the key and request a new one.  Even if you were to export the data stored by MOS Authenticator and send it to us, we would not be able to decrypt it for you.

Q: The site I'm configuring says it only supports one device per account.  Is there a way around this?

A: Yes.  Manually obtain the secret key that the site generates and enter use the same key in all Authenticator apps (keys are not computer/device specific).  We recommend saving these keys in a safe place in case you need to add to a new device in the future.

Q: A site only seems to support QR codes for configuring an Authenticator client.  Can I still use MOS Authenticator?

A: Yes, but you may need to do some digging to retrieve the secret code embedded in the QR code.  Many sites actually have a link (though it is sometimes small or hidden) that allow you to manually retrieve the secret key.  If a particular site does not, you may need to snap a picture of the QR code and decode the data using a smartphone app or web site.  You'll be looking for the portion of the embedded data that comes immediately after "SECRET=".

Q: Why doesn't MOS Authenticator support QR codes?

A: Most sites that support Google Authenticator technology will give you the underlying secret key.  Supporting QR codes on devices that aren't typically mobile and usually don't have rear facing cameras didn't seem like productive use of our resources.  There are already numerous other ways to decode QR codes should the need arise.

Q: Can I move my secret keys to another computer?

A: No.  The secret site keys are encrypted using a key that contains data specific to your user account on your computer.  Any attempt to move the data to another computer will fail.

Q: The codes generated by MOS Authenticator don't match codes generated by another application.

A: Be sure that (1) the clocks of the two devices have the same time, (2) that the secret keys have been entered correctly on both devices, and (3) that the algorithm used is Google's TOTP, using 6-digits at a 30-second refresh time.

Q: Why should I use MOS Authenticator instead of a smartphone app?

A: You obviously could just use your smartphone for authentication purposes.  But it is often a hassle to retrieve your phone, log in, and wait for the app to launch.  Using MOS Authenticator makes it much easier to enter authentication keys from a desktop or laptop PC.

Q: How is MOS Authenticator different from other Google Authenticator-compatible apps?

A: In terms of generating codes, it isn't any different.  In terms of security, user interface, and overall usability, we believe that our application is significantly better than anything else out there for Windows.

Q: How much does Authenticator cost?

A: MOS Authenticator is free.  There are no ads, and no spyware associated with it.  It was created to meet a need of the author, and it seemed like a nice thing to do to make it available to everyone. 

Q: Is it always going to be free?

A: We have no immediate plans to release a paid version.  If we did, however, a free version would always be available.

Q: How long can I use MOS Authenticator?

A: There is no expiration date on the software.  As long as Google and other companies continue to use this particular authentication algorithm, and as long as Win32 exists in Windows, Authenticator should continue to run.

Q: What about a version for the Mac or Linux?

A: We have no plans to create a Mac or Linux version.

Q: How about a mobile app?

A: We have no plans to develop a mobile version of MOS Authenticator.  Google and Microsoft already have that covered.

Q: Your site indicates that Authenticator doesn't send any information out to the Internet, but my firewall software is telling me that it is trying to establish an outgoing connection.

A: Because Google Authenticator codes are time-based, MOS Authenticator has to run against an accurate clock.  When it first starts up it connects to www.maxoutput.com to retrieve a clock synchronization signal.  No user data is uploaded or downloaded.

If your computer isn't connected to the Internet, or a firewall blocks this connection, MOS Authenticator will still run as long as the computer's clock is accurate within about 15 seconds.  But the more accurate, the better.

Q: Is source code available?

A: MOS Authenticator makes use of some proprietary software libraries which are not open source, so we are not able to share the code used to create the software.  We also want to reserve the right to possibly create a more feature-complete paid version in the future.

Q: Why is the encryption used on Windows XP less strong than on newer versions of Windows?

A: MOS Authenticator uses the Crypto API provided by Windows for encrypting and decrypting data.  Windows XP has never been updated with the latest encryption technologies, one of which (SHA-256 hash) is used by Authenticator.  Instead of not allowing Authenticator to run on Windows XP, we elected to downgrade security very slightly so that the application could run.

 MOS Authenticator Screenshot