A "production-ready" Windows TOTP authenticator with 818 lines in one file - Please don't actually use this 🎯

Ericlein/AuthenticatorTray

Eric's Super Duper Secure Auth™

Because who needs Google Authenticator when you can roll your own sketchy system tray app?

What is this monstrosity?

Welcome to the most "enterprise-grade" 2FA authenticator you've ever seen! This beautiful piece of software engineering is a Windows system tray application that generates TOTP codes. It's like Google Authenticator, but with 100% more hardcoded values and 0% architectural patterns!

Features That Will Make You Question Everything

  • ✨ Single-file architecture - Exactly 1337 lines of pure, unadulterated chaos in one massive Program.cs!
  • 🎨 "Modern" UI - Rounded corners! Subtle shadows! It's basically the next macOS!
  • 📱 Actually Responsive Design - Uses em units and screen percentages like a real web developer!
  • 🔒 Security First - All your secrets are safely embedded as resources (what could go wrong?)
  • 🚀 Blazing Fast - Updates every 500ms whether you need it or not!
  • 💾 Memory Efficient - Calls GC.Collect() manually because long-running tray apps need love too!
  • 🎯 Production Ready - Contains helpful comments like // Better vertical centering
  • ⚙️ QR Code Scanning - Add new accounts on the fly! Just scan a QR code and edit the fields before adding!
  • ✏️ Editable Fields - Review and modify account name, secret, digits, and algorithm before saving
  • Smart QR Detection - Automatically scales up small QR codes for reliable decoding
  • 🎭 Single Instance - Prevents running multiple copies because we're not savages

Installation

Step 1: Export Your 2FA Accounts from Google Authenticator

  1. Open Google Authenticator on your phone
  2. Tap the three-dot menu (⋮) in the top right
  3. Select "Export accounts" or "Transfer accounts"
  4. Choose "Export accounts" and select the accounts you want to export
  5. Google Authenticator will display a QR code containing all your accounts
  6. Take a screenshot of the QR code

Step 2: Add the QR Code Image to the Repository

  1. Save the screenshot as img.png in the root directory of this repository (same folder as setup.py)
  2. Make sure the image is clearly visible and the QR code is not cropped or distorted

Step 3: Run the Setup Script

  1. Open a terminal/command prompt in the repository root directory

  2. Run the setup script:

    python setup.py

    The script will:

    • Install required Python dependencies (protobuf, pyzbar, Pillow)
    • Generate the protobuf file needed for parsing migration URLs
    • Decode the QR code from img.png
    • Extract all your 2FA accounts
    • Create accounts.json in the csharp-tray/AuthenticatorTray/ directory
    • If accounts.json already exists, it will create updated_accounts.json instead

Step 4: Build and Run the Application

  1. Navigate to the C# project directory:

    cd AuthenticatorTray

  2. Build the project:

    dotnet publish -c Release -r win-x64 /p:PublishSingleFile=true /p:SelfContained=true

Usage

  • Left-click the tray icon to show all your 2FA codes
  • Right-click the tray icon to exit the application
  • Click the settings icon (⚙️) in the popup header to add new accounts via QR code
  • Codes update automatically every second

Configuration

The accounts.json file is automatically generated by the setup script from your Google Authenticator export. However, if you need to manually create or edit it, use this format:

{
  "accounts": [
    {
      "name": "Your Bank Account (totally safe)",
      "secret": "DEFINITELY_NOT_YOUR_REAL_SECRET",
      "digits": 6,
      "algorithm": "SHA1"
    }
  ]
}

Note: This file is in .gitignore because we learned about security the hard way.
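
How an entry in this format becomes a code, as an added example (not code from this repository): a Python implementation of RFC 6238 over the documented fields, run on a constructed sample built from the public RFC test key. The names totp, codes and SAMPLE_ACCOUNTS_JSON are assumptions, and MD5 is rejected here because RFC 6238 specifies only the SHA variants.

```python
import base64
import hmac
import json
import struct
import time

# Constructed sample in the README's accounts.json format. The secret is the
# public RFC 6238 test key ("12345678901234567890") in Base32, not a real one.
SAMPLE_ACCOUNTS_JSON = """
{"accounts": [
  {"name": "RFC 6238 test vector",
   "secret": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ",
   "digits": 8,
   "algorithm": "SHA1"}
]}
"""

# RFC 6238 defines only these HMAC variants; MD5 is deliberately rejected here.
RFC6238_ALGORITHMS = {"SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}


def totp(account, now=None, period=30):
    """Return the current code for one accounts.json entry as a string."""
    algorithm = account["algorithm"].upper()
    if algorithm not in RFC6238_ALGORITHMS:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    digits = int(account["digits"])
    if not 6 <= digits <= 8:
        raise ValueError("digits must be 6, 7 or 8")
    # Secrets are often shown lowercase, spaced and without '=' padding.
    secret = account["secret"].replace(" ", "").upper()
    key = base64.b32decode(secret + "=" * (-len(secret) % 8))
    # The moving factor is the number of 30-second steps since the Unix epoch.
    counter = int(time.time() if now is None else now) // period
    digest = hmac.digest(key, struct.pack(">Q", counter), RFC6238_ALGORITHMS[algorithm])
    # Dynamic truncation (RFC 4226): low nibble of the last byte picks 4 bytes.
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def codes(accounts_json, now=None):
    """Map each account name in an accounts.json document to its code."""
    accounts = json.loads(accounts_json)["accounts"]
    return {a["name"]: totp(a, now) for a in accounts}
```

Passing now=59 reproduces the first RFC 6238 test vector, which is a quick way to check any TOTP implementation against a known answer.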

Adding New Accounts via UI

The Easy Way (Recommended):

  1. When setting up 2FA on a website (e.g., Microsoft, GitHub, etc.), they'll show you a QR code
  2. Take a screenshot of the QR code (or save it as an image file)
  3. Left-click the tray icon to open the popup
  4. Click the settings icon (⚙️) in the popup header
  5. Click "📷 Scan QR Code from Image"
  6. Select your screenshot/image file
  7. Review and edit the decoded information:
    • Name: The display name for the account
    • Secret: The Base32-encoded secret key
    • Digits: Code length (usually 6, sometimes 7 or 8)
    • Algorithm: Hash algorithm (SHA1, SHA256, SHA512, or MD5)
  8. Click "Add Account" when satisfied
  9. Done! The new account appears immediately - no rebuild needed!

Features:

  • Automatic QR code detection with smart upscaling for small images
  • All fields are editable before saving
  • Input validation to prevent invalid configurations
  • Duplicate account detection with replace option
  • Account is automatically saved to accounts.json and persists across restarts
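
The validation and duplicate handling listed above, as an added Python example rather than the app's own C# code. It assumes the scanned QR code carries a standard otpauth://totp/ key URI; parse_otpauth, add_account and the constructed SAMPLE_URI are hypothetical names, and the allow-list mirrors the algorithms this README lists.

```python
import base64
import binascii
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample URI of the kind a site's enrolment QR code decodes to.
SAMPLE_URI = ("otpauth://totp/Example:alice@example.com"
              "?secret=JBSWY3DPEHPK3PXP&issuer=Example&digits=6&algorithm=SHA1")

ALLOWED_ALGORITHMS = {"SHA1", "SHA256", "SHA512", "MD5"}  # the README's list


def parse_otpauth(uri):
    """Turn an otpauth://totp/ URI into an accounts.json entry or raise ValueError."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc.lower() != "totp":
        raise ValueError("not a TOTP otpauth URI")
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    secret = params.get("secret", "").replace(" ", "").upper()
    try:
        key = base64.b32decode(secret + "=" * (-len(secret) % 8))
    except (binascii.Error, ValueError):
        raise ValueError("secret is not valid Base32") from None
    if not key:
        raise ValueError("secret is empty")
    digits = params.get("digits", "6")
    if digits not in {"6", "7", "8"}:
        raise ValueError("digits must be 6, 7 or 8")
    algorithm = params.get("algorithm", "SHA1").upper()
    if algorithm not in ALLOWED_ALGORITHMS:
        raise ValueError("unsupported algorithm")
    name = unquote(parts.path.lstrip("/")) or params.get("issuer", "")
    if not name:
        raise ValueError("missing account name")
    return {"name": name, "secret": secret, "digits": int(digits), "algorithm": algorithm}


def add_account(accounts, entry, replace=False):
    """Add entry to the list; an existing name is only overwritten if replace=True."""
    for i, existing in enumerate(accounts):
        if existing["name"].casefold() == entry["name"].casefold():
            if not replace:
                return False  # duplicate: caller should ask before replacing
            accounts[i] = entry
            return True
    accounts.append(entry)
    return True
```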

Manual Account Entry

If you prefer to manually add accounts instead of using the export or QR scanning:

  1. Copy the example file: cp accounts.json.example accounts.json
  2. Edit accounts.json and add your accounts with their TOTP secrets
  3. Each account needs: name, secret (base32 encoded), digits (usually 6), and algorithm (usually "SHA1")
  4. Restart the application to load the new accounts

Architecture Highlights

Design Patterns Used:

  • ❌ MVC
  • ❌ MVVM
  • ❌ Repository Pattern
  • ❌ Dependency Injection
  • ✅ The "Everything in Main" Pattern (Patent Pending)

Code Quality Features:

  • CSS-like Units: Em(4.2f) and ScreenWidth(22) - we're basically web developers now!
  • Inline Event Handlers: Because separating concerns is overrated
  • Custom Graphics Extensions: Why use existing UI frameworks when you can draw rounded rectangles manually?
  • Global State: Static methods everywhere, just like the good old days!
  • DPI Awareness: Application.SetHighDpiMode(HighDpiMode.PerMonitorV2) - look how fancy we are!

Known "Features"

Fixed ✅

  • 🎉 Hardcoded window positioning: Now uses screen percentages like a pro!
  • 🎉 Blurry text: Crystal clear DPI-aware rendering!
  • 🎉 Terrible scaling: Responsive em-based layout system!
  • 🎉 Need to rebuild to add accounts: Just scan a QR code and you're done!
  • 🎉 Can't edit account info before saving: All fields are now editable!
  • 🎉 No QR code validation: Smart scaling and comprehensive error messages!
  • 🎉 Multiple app instances running: Single-instance protection enabled!

Still "Features" 🐛

  • 🐛 No error handling for malformed JSON (crashes are features!)
  • 🐛 Thread safety is for enterprise applications
  • 🐛 No unit tests (testing is for people who don't believe in their code)

FAQ

Q: Why does this exist?
A: I was tired of using my phone.

Q: Is this secure?
A: As secure as storing your passwords in a text file named "definitely_not_passwords.txt"

Q: Can I use this in production?
A: You can do many things. Should you? That's between you and your conscience.

Q: Why is everything in one file?
A: Microservices are overrated. We're bringing back the monolith, one giant Program.cs at a time.

Q: Why does it look like macOS?
A: Don't flatter me, it looks like shit.

Contributing

Found a bug? Great! Here's how you can help:

  1. Fork the repository
  2. Create a feature branch
  3. Write tests
  4. Just edit Program.cs directly and add more inline code. It's the way.

License

This code is released under the "Please Don't Use This In Production" license.

Use at your own risk. I'm not responsible for any security breaches, mental breakdowns, or existential crises that may result from reading or using this code.


"It works on my machine!" - Eric S, 2025
