Gembok Authenticator - 2FA Authenticator and Password Manager

About

Gembok Authenticator is a software-based (virtual) authenticator that generates two-step authentication tokens and stores passwords directly in the browser. It is written in HTML and JavaScript, and works on modern browsers such as Google Chrome, Firefox, Safari, and others. All data is stored in a simple JSON file that can be saved locally or synced with Google Drive.

Features

- Generate TOTP tokens (compatible with Google Authenticator)
- Store passwords securely alongside tokens
- Google Drive integration for cloud sync
- AES-GCM encryption with 600k PBKDF2 iterations
- JSON editor for advanced users
- User-friendly forms for adding/editing items
- Light and dark theme support
- Single HTML file - fully portable

Compatibility

Gembok Authenticator uses the same algorithm as most software-based authenticators, including Google Authenticator. Based on limited personal testing with services such as Twitter and AWS, no compatibility issues were found.

Credits

Gembok Authenticator uses the following libraries:
- otpauth by Héctor Molinero Fernández
- Google Drive API for cloud storage
- Native Web Crypto API for AES-GCM encryption

Changelog

v2.0 (2026/01/16)
- Added Google Drive integration (open/save files)
- Added password manager functionality
- Added JSON editor with real-time sync
- Added user-friendly forms for adding/editing items
- Added light/dark theme toggle
- Migrated to AES-GCM encryption (600k PBKDF2 iterations)
- Replaced native dialogs with custom UI dialogs
- Added settings page with persistent preferences
- Encryption on save enabled by default

v1.2 (2022/01/02)
- Added support for reading JSON files encrypted with AES-256-CBC

v1.1 (2021/09/19)
- Added support for copying tokens to the clipboard

v1.0 (2021/08/03)
- Initial release

Author

Written by Rio Astamal.

License

This application is open source and licensed under MIT license.

Editor

Edit your JSON credentials below. Changes are automatically reflected on the Tokens page.

Settings

Configure your preferences below.

Encrypt JSON on Save

Light Theme

Add New

Add a new 2FA token, password, or both.

Provider *

Secret

Password

Show | Generate

Description

Color

Show advanced settings ▶

Edit Item

Update your 2FA token, password, or other details.

Provider *

Secret

Password

Show | Generate

Description

Color

Show advanced settings ▶

Help

Gembok Authenticator stores all token and password data in a JSON file. You can create items using the New Token form, edit them in the Editor, and save the file to your computer or Google Drive.

Getting Started

1. Click New Token to add your first item
2. Enter provider name (required) and secret key (optional for password-only)
3. Optionally add a password to store alongside the token
4. Click Add Token to save
5. Use Save to Disk or Save to Google Drive to store your data

Create Tokens

Option 1: New Token Form
Use New Token to add items through a user-friendly form. Enter the provider name (required), secret key (optional), and password (optional). You can create token-only, password-only, or combined entries.

Option 2: Using Editor
Advanced users can create or modify items directly using the Editor. Changes are automatically reflected on the Tokens page. Below is an example JSON structure:

[
  {
    "provider": "Google",
    "description": "Main account",
    "secret": "I5XW6Z3MMUQG2YLJNYQGCY3D",
    "password": "mySecurePassword123",
    "period": 30,
    "digits": 6,
    "algorithm": "SHA1",
    "indicatorColor": "red"
  },
  {
    "provider": "AWS",
    "description": "Root account",
    "secret": "IFLVG4TPN52GCY3D",
    "indicatorColor": "orange"
  },
  {
    "provider": "MyBank",
    "description": "Password only",
    "password": "bankPassword456",
    "indicatorColor": "blue"
  }
]

Required: provider
Optional: secret, password, description, period (default: 30), digits (default: 6), algorithm (default: SHA1), indicatorColor (default: red)

Google Drive Integration

- Open from Google Drive: Load your credentials file from Google Drive
- Save to Google Drive: Update existing file or create new one
- Save As to Google Drive: Save a copy with a new name
Connection status shown in footer when authenticated

Encryption

Files are encrypted using AES-GCM with 600,000 PBKDF2 iterations. Encryption is enabled by default (see Settings to change). When opening an encrypted file, you'll be prompted for the passphrase. Below is an example encrypted with passphrase "gembok":

a3FEMDiJs7rr9/aFzFwBAE39ursOsbZVRj0Zt6G85r6Oh5s8X1/gZ8057KLGXTihpg7i9i733PXptVpFys3vNaC805Fdl7Olce6l1NCbjzvLOLa1+7Lf6QpExxX2ksB3A3LyF1uOb6NtLcDhu95wC/VkmqSqun0tSI4Vn1M4UIilyfsFK6N6rmGuRXMzcRyp8wKG5oMo2Pr7SM68F+n4IbMbNFtybkUEfU7RU2WpdjXtg2sn1JIksEE1v118tA+lRC/1ZOyySU4XKUI8zFRmCg2gh5qjSwjPKOYp+0AmWaItqPectcksfWlvSIQrUnf/r2/BbmSzVsROWgsW0YKAqGOTnlmTQ0Tjqmc3PREUAeqGX3L/VJg+zsHiHo7J997eaqIAjtyqg7qEpHV6wtLOlZqG+G9iV/z2EhUihVWkejOwckXxvyTuLcEec73PufCMWE90KC4TPNq1pvCxQSD27XE8nu/aFSfn/ojG/urzoJHIAgE689OWU3OMPkiBsqRIrFknzbTyJxndEn+d/U2yohUcEzBtqRkCCBZhX3etxA9Ru9cMBdnXFmZ3Otkjb8eFqwc8ORIRB5qA7AOP2VrIeIcwvkjzynrDkPjjpzlZsjDy7mKpq4cGdTOmCBhswEtfHblqrBeaQk/xTGhuyy9gqJLkxOD32fkP+bMJMVjg4ePE9EmyQ3+Na2qvhIf2emnBmaA4KeY+o+mPJyPevNDQkU9YnKRfhwhqVM82fFexM356w2wlYGtSiidfCQ7CMBd8gnMs1OfKbm+PeZL4kb7IY7Sy/9x9Elhoh78DWix79vHnUIJqzkisJt4/bDi0PgA9UJ09eJLQ0kJRzyexHE7JXwBOIxjICmvP87KWP/uRaDJw6pFY0KeOI3FIhsZbdA08DYctJ1KUjGyla3Yx6xaJB3np/0J+bG+u6scm2yCzZlbw7Olx9Lag1ikZArTewxJzLeK2t6PbvO0fC+xh+Bh8snct9ZH+X0LWRFIpk08a8okKfOXSigDoPh31SJveHFka4DIvLjphEo6q2Q+9NMe36vfivwkG5ucjqfeIxUiXnsE6I5Cd+BY4dZjRaGh4TVNK6mtDuquDUHXxk0Kks5mY7ETFMSL/wNKKRCvkO+ZzfQDSECV0RcffpZCGDU6Fcy/a4suu/GJStnO944AlHqT14Mk3pDZni+0LsAFK5FZVjKckGgyMI0Bv8LY3IY7MHh91I7dK

Settings

- Encrypt JSON on Save: Enable/disable automatic encryption (default: enabled)
- Light Theme: Toggle between dark and light themes
Settings are saved automatically and persist across sessions