diff --git a/doc/NEWS b/doc/NEWS
index 376714c7b8b..ebf938990ab 100644
--- a/doc/NEWS
+++ b/doc/NEWS
@@ -238,6 +238,10 @@ Major changes from 1.9.0-jumbo-1 (May 2019) in this bleeding-edge version:
   large portion of a mask should be generated on device-side (or completely
   disabling internal mask).  [magnum; 2021]
 
+- Added authenticator2john.py: script to extract and format
+  https://github.com/JeNeSuisPasDave/authenticator app passwords.
+  [Mark Silinio; 2021]
+
 - Add a format class "vector" for matching vector capable OpenCL formats.  This
   doesn't include bitslice formats.  It matches formats that will run SIMD
   using the default GPU, or per the  --device option.  [magnum; 2021]
@@ -305,7 +309,6 @@ Major changes from 1.9.0-jumbo-1 (May 2019) in this bleeding-edge version:
 
 - Added krb5tgs-sha1[-opencl] formats for etypes 17 and 18.  [magnum; 2023]
 
-
 Major changes from 1.8.0-jumbo-1 (December 2014) to 1.9.0-jumbo-1 (May 2019):
 
 - Updated to 1.9.0 core, which brought the following relevant major changes:
diff --git a/run/authenticator2john.py b/run/authenticator2john.py
new file mode 100755
index 00000000000..d9ec30a5b53
--- /dev/null
+++ b/run/authenticator2john.py
@@ -0,0 +1,35 @@
+#!/usr/bin/env python
+
+# This software is Copyright (c) 2021 Mark Silinio <mark.silinio-at-gmail.com>,
+# and it is hereby released to the general public under the following terms:
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted.
+#
+# Extract and format https://github.com/JeNeSuisPasDave/authenticator app password for cracking with JtR
+# Usage: ./authenticator2john.py <authenticator.data file>
+
+import os
+import sys
+from binascii import hexlify
+
+if len(sys.argv) < 2:
+    print('Usage: ./authenticator2john.py <authenticator.data files>')
+    exit(1)
+
+filenames = sys.argv[1:]
+
+for filename in filenames:
+    bname = os.path.basename(filename)
+    try:
+        f = open(filename, "rb")
+        data = f.read()
+    except IOError:
+        e = sys.exc_info()[1]
+        sys.stderr.write("%s\n" % str(e))
+        exit(1)
+
+    iv = data[:16]
+    encrypted_data = data[16:32]
+    iv = hexlify(iv).decode("ascii")
+    encrypted_data = hexlify(encrypted_data).decode("ascii")
+    sys.stdout.write("%s:$authenticator$0$%s$%s\n" % (bname, iv, encrypted_data))