A friend of mine needs to enable two factor auth (specifically, OTP for Gmail) but can’t use Android apps until she replaces her physically damaged phone.
I know next to nothing about the Windows software ecosystem, and was hoping the community could help me with with a recommendation. I’ve done a preliminary search, but nothing I found gave me a high confidence level.
The ability to import/export from andOTP would be great, but that’s not a requirement.
Android emulator maybe?
She’s not a technical user and lives on a different continent.
It would be a more effective use of my time to just buy her a new phone if that’s my only option.
Solution has to be native.
Far as I know, but haven’t searched exhaustively, they’re all mobile based. They use the security features the mobile platform (although strangely, they’ll run in an emulator)
Google will do SMS codes as OTP right? Some wireless carriers allow you to forward SMS to email.
Why TOTP? if she doesn’t have a phone that wouldn’t be ideal, shed be better getting a U2F yubikey ($12) for 2FA on a computer. Especially if shes not tech savy.
The only totp options i know are not recommended.
That might be a good idea. I shall ponder the implications.
There $20 not the $12 I though. Google also does a key I believe.
I could’ve sworn Authy had a way of doing MFA via a desktop app, but I may be wrong…
Edit: Here’s the link for downloading their desktop program in case you’re interested in seeing if it resolves your problem. https://authy.com/download/
Use WinAuth, works on W10. Yes, it’s quite old and not developed. But it doesn’t cause any danger. I recommend only blocking the entire network traffic for this process on the firewall and as an OTP application in offline mode it works ok. Tested …
PS
From the security logic you should keep OTP on a separate machine and not the one on which the login is performed.
The primary reason I wanted to use OTP was the ubiquity of Google Auth support and the fact that she wouldn’t need to buy anything else for it.
But it turns out she doesn’t have a smartphone anyway, so physical token it is! that works out better in the end, because I know I should be using FIDO over OTP anyway. 
