My favorites | Sign in
Project Home Downloads Wiki Issues Source
Project Information


Download Latest Version (2.0.4713.34518):

Checkout Source: svn checkout winbma-2.0.4713.34518

Note: In order to simplify releasing new versions, source is available through SVN only. For an easy way to checkout from SVN, use TortoiseSVN.


WinBMA is a Windows based Authenticator which allows people who don't have access to a smartphone supported by the official BMA to still be protected by an authenticator.

WinBMA supports multiple authenticators. You can save your authenticators to ".bma" files which can be imported again if you need to transfer an authenticator from one computer to the other.

Important: Using this authenticator on the same computer as your WoW installation does NOT protect you against malicious software stealing your information. For maximum security, use this authenticator on a different computer then your WoW installation. See Security Implications.


  • Supports multiple BMA's
  • BMA's can be identified with a label of your choice
  • Auto/Manual resync with Blizzard's Auth servers (once a week)
  • Import and export BMA through the .bma file format
  • One-Click Copy of generated key and serial
  • Strong Encryption Options (AES-256/PBKDF2 and/or Windows Data Protection)
  • Restore Codes supported
  • Themes


Security Implications

Using a PC based authenticator versus a mobile or hardware one does not protect you against malicious software. Since the security token has to be stored on your computer, malicious software could steal that information and generate working authenticator codes.

This is the reason why Blizzard does not release a PC authenticator. The high-visibility of an official PC authenticator would make it completely useless at stopping malware-based attacks.

However, this does not mean that using a Windows-based authenticator is completely useless. An authenticator protects you on multiple levels:

  1. It almost completely neutralizes and prevents brute-force attacks.
  2. It protects you against data mining from other account compromises (a strong, unique password for each of your accounts also does that, never use the same password twice).
  3. It protects you against common phishing attacks (however, an attacker could request 2 authenticator codes and unregister your current authenticator)
  4. It protects you against keyloggers and malware

This authenticator does all of the above EXCEPT point 4 when WinBMA is installed on the same computer as your WoW installation. While it will protect you against generic keyloggers, malware written specifically for stealing WoW account information could include support for WinBMA and steal your authenticator unencrypted security token and generate working authenticator codes for your account. To mitigate this, please encrypt your tokens using a password (different than your account password).

For maximum security, please use an official hardware/mobile authenticator or use the above authenticator on a separate computer then your WoW installation.

Powered by Google Project Hosting