A: Maximum Output Software has gone to great lengths to ensure that your data is safe. The secret keys used by Authenticator could be very valuable should they fall into the wrong hands, so MOS has implemented high-grade AES encryption security to protect your data.
Your data is only stored on your local PC (encrypted, of course) and is never uploaded to the Internet in any form.
A: This capability was intentionally omitted from the application. This prevents anyone who may have access to your computer (locally or remotely) from obtaining your secret keys and impersonating you without your consent.
If you have lost all other copies of your secret key, you will need to contact the web site that issued the key and request a new one. Even if you were to export the data stored by MOS Authenticator and send it to us, we would not be able to decrypt it for you.
A: Yes. Manually obtain the secret key that the site generates and use the same key in all Authenticator apps (keys are not computer/device specific). We recommend saving these keys in a safe place in case you need to add them to a new device in the future.
A: Yes, but you may need to do some digging to retrieve the secret code embedded in the QR code. Many sites actually have a link (though it is sometimes small or hidden) that allows you to manually retrieve the secret key. If a particular site does not, you may need to snap a picture of the QR code and decode the data using a smartphone app or web site. You'll be looking for the portion of the embedded data that comes immediately after "SECRET=".
A: Most sites that support Google Authenticator technology will give you the underlying secret key. Supporting QR codes on devices that aren't typically mobile and usually don't have rear-facing cameras didn't seem like a productive use of our resources. There are already numerous other ways to decode QR codes should the need arise.
A: No. The secret site keys are encrypted using a key that contains data specific to your user account on your computer. Any attempt to move the data to another computer will fail.
A: Be sure that (1) the clocks of the two devices have the same time, (2) the secret keys have been entered correctly on both devices, and (3) the algorithm used is Google's TOTP, using 6 digits at a 30-second refresh time.
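The three checks above can be reproduced offline. The following Python sketch is an added example, not MOS Authenticator's code: it pulls the secret out of the text decoded from a setup QR code and computes the 6-digit, 30-second code for a given clock reading, so two devices' settings can be compared. It assumes the standard `otpauth://totp/` URI layout and HMAC-SHA1 (the Google Authenticator default); the sample URI, its label and issuer are constructed, and the secret is the RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlparse

# Constructed sample: the text a QR decoder would return for a setup code.
# The secret is the RFC 6238 test key; label and issuer are made up.
SAMPLE_URI = ("otpauth://totp/Example:alice@example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")

def secret_from_otpauth(uri):
    """Return the Base32 secret carried in an otpauth://totp/ URI."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc.lower() != "totp":
        raise ValueError("not an otpauth://totp/ URI")
    # Match the parameter name case-insensitively (secret= or SECRET=).
    params = {k.lower(): v[0] for k, v in parse_qs(parsed.query).items()}
    if "secret" not in params:
        raise ValueError("URI has no secret parameter")
    return params["secret"]

def totp(secret_b32, unix_time, digits=6, period=30):
    """Code for the given clock reading (HMAC-SHA1, RFC 6238 defaults)."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)          # restore Base32 padding
    key = base64.b32decode(cleaned)
    counter = int(unix_time) // period            # 30-second time step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def codes_match(secret_b32, clock_a, clock_b):
    """True if two devices with these clock readings show the same code."""
    return totp(secret_b32, clock_a) == totp(secret_b32, clock_b)

if __name__ == "__main__":
    secret = secret_from_otpauth(SAMPLE_URI)
    print(totp(secret, 59))              # device A
    print(codes_match(secret, 35, 50))   # 15 s apart, same time step
    print(codes_match(secret, 59, 74))   # 15 s apart, across a boundary
```

Two clocks that differ by the same 15 seconds agree or disagree depending on whether a 30-second boundary falls between them, which is why intermittent mismatches usually point to clock drift rather than a mistyped key.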
A: You obviously could just use your smartphone for authentication purposes. But it is often a hassle to retrieve your phone, log in, and wait for the app to launch. Using MOS Authenticator makes it much easier to enter authentication keys from a desktop or laptop PC.
A: In terms of generating codes, it isn't any different. In terms of security, user interface, and overall usability, we believe that our application is significantly better than anything else out there for Windows.
A: MOS Authenticator is free. There are no ads, and no spyware associated with it. It was created to meet a need of the author, and it seemed like a nice thing to do to make it available to everyone.
A: We have no immediate plans to release a paid version. If we did, however, a free version would always be available.
A: There is no expiration date on the software. As long as Google and other companies continue to use this particular authentication algorithm, and as long as Win32 exists in Windows, Authenticator should continue to run.
A: We have no plans to create a Mac or Linux version.
A: We have no plans to develop a mobile version of MOS Authenticator. Google and Microsoft already have that covered.
A: Because Google Authenticator codes are time-based, MOS Authenticator has to run against an accurate clock. When it first starts up it connects to www.maxoutput.com to retrieve a clock synchronization signal. No user data is uploaded or downloaded.
If your computer isn't connected to the Internet, or a firewall blocks this connection, MOS Authenticator will still run as long as the computer's clock is accurate within about 15 seconds. But the more accurate, the better.
A: MOS Authenticator makes use of some proprietary software libraries which are not open source, so we are not able to share the code used to create the software. We also want to reserve the right to possibly create a more feature-complete paid version in the future.
A: MOS Authenticator uses the Crypto API provided by Windows for encrypting and decrypting data. Windows XP has never been updated with the latest encryption technologies, one of which (SHA-256 hash) is used by Authenticator. Instead of not allowing Authenticator to run on Windows XP, we elected to downgrade security very slightly so that the application could run.