Two-step verification is a way to give your accounts more protection than just a password or PIN. If you use a verification app like Google Authenticator (iOS, Android), you log in to your account (email, bank, Amazon, and so on) with your username and password, and the app sends a temporary code to your phone that's the final key to get into your account. But if you want to generate verification codes on your desktop or laptop, you can.

Method 1: Chrome browser extensions

Using a Chrome extension is the most approachable method, because the extension will work on any device that runs the desktop version of the browser.

Authenticator for Chrome, for example, works in Linux, on Google's Chromebook laptops, as well as on Mac and Windows PCs. (Firefox doesn't currently have a comparable option, but the newly launched Open Two-Factor Authenticator may prove as popular, in time.) Authenticator doesn't have a catchy name, but it works pretty nicely.

There's also Authy for Chrome, but it hooks into the cloud and requires your phone number. If you're just doing app-based two-step verification, it's more secure to perform that function completely offline. But Authy is handy for codes generated via SMS messages that are ordinarily sent to your phone.

How to set up Authenticator for Chrome

Let's say you want to add Amazon two-step verification codes to Authenticator. After installing the browser extension, go to Amazon's website and log in. Go to Your Account, scroll down to Settings, click Login & Security Settings, and go to Advanced Security Settings. Click the Edit button, then Add New App in the Preferred Method section, click the link labeled Can't Scan the Barcode, and copy the bolded string of letters and numbers to your clipboard (Ctrl-C on your keyboard).

amazon authenticator QR code screenshot

Click the Authenticator icon in the upper-right corner of Chrome (it looks like a tiny QR code), then the pen icon at upper right. Click the + button and Manual Entry. Enter the email address associated with your Amazon account into the Account section. Paste that clipboard string into the Secret section, then click OK. Authenticator generates a new code every 30 seconds -- to copy it quickly, just click the code, and Authenticator will add it to your clipboard.

Authenticator may warn you that this string is not encrypted. If you decide to create a passphrase to encrypt the entries, be aware that you will lose access to this entry if the passphrase is lost. For your security, there is no password reset option.

google chrome authenticator screenshot

Method 2: Desktop client software

If you don't want to use Chrome, or if you prefer to keep your two-step verification code generation separate from your browser, you can install a standalone desktop app. However, you don't have as many options.

WinAuth is arguably the best for Windows users. It automatically supports a variety of services like Google, Microsoft, and Steam, and you can manually add secret strings for things like Amazon.

To do so, navigate to the folder where you downloaded WinAuth and double-click the app. This is not an installer file. Instead, the program is self-contained within this EXE file. Click the Add button, then Authenticator. Put something descriptive in the Name section, paste Amazon's secret string from your clipboard into the field below that, click Decode, then click Verify Authenticator. This will generate a test code. Go back to the Amazon account page where you copied the secret string, type this test code into the Enter Code section, and click the button labeled Verify Code and Continue.

authenticator desktop Windows

WinAuth will now give you the option to protect your codes with a password. It will also offer to use Windows' built-in encryption or a YubiKey. You can either create your password and click the OK button, or click the Cancel button to bypass these protection options. (If you change your mind later, you can access this menu by clicking the gear icon and selecting Change Protection.)

To generate a code, click the circular arrow button to the right of the account name. This code will be valid for 10 seconds. Right-click the entry to see a variety of options, like deleting it, renaming it, customizing its icon, and other functions.

What about two-factor authentication?

With two-factor authentication (2FA), factor one is the device you want to log in with, and factor two is the device you use to generate codes. So if you're generating codes on the same device you're logging in on, then you're technically not engaging in two-factor security. You're just using two-step verification.

Though two-step is not as secure as two-factor, it's still useful. For instance, if an unauthorized user breaks into a consumer database and gets your login info -- as with 68 million Dropbox accounts -- the intruder still won't be able to get into your account without the authentication code.

When hacks like that happen (and they happen more often than we'd like), it doesn't matter how good your password is, because the hackers will have it right in front of them if they can decrypt the database. But they won't have your verification code, since that's only generated on the device that you previously authorized to generate those codes.

Tom is the senior editor covering Windows at