Sunday, November 2, 2014

Using Google Authenticator for 2-step authentication

"Google Authenticator" for 2-step authentication is a new Google feature from the app store. It is faster than a regular SMS text message.

I have long been a proponent of Google's two-factor authentication. With this, you log in to Google services (email, gdrive, etc.) using a normal User-ID and password. Then, a few seconds later, Google sends a text message to your cell. In a secondary screen, type the SMS numeric code and you are logged in.


  • Even if your credentials are stolen or lost, nobody can log in to your account
  • You cannot be hacked
  • Works with all cell phones, smart and non-smart
  • This is highly recommended and very secure

Set up Google's 2-step verification here: Two-step verification
(Do this before installing this article's recommended application)

Improved with "Google Authenticator"

Two-factor, two-step authentication is recommended and using SMS text messages is nice, but if you have a smart phone, install the "Google Authenticator" app and bypass the SMS text message.  New codes are generated directly on your phone.

  • This is faster than an SMS
  • The code is immediately available; no need to wait for the SMS
  • Works even if outside of cellular or SMS services 
  • Get the code before or after you start logging in
  • Requires a smart phone

Install the app from your favorite app store (Android, Apple) and follow the instructions. This requires that you have already set up two-factor (2-step) authentication, as described above.

The code changes every 60 seconds and is unique to your phone and your account.

What if you don't have your phone? You can't log in. However, when you first enable two-step authentication, Google generates a short list of emergency codes. Store these in an email or some other location, separate from Google Services. If you have permanently lost your phone and are not replacing it, use the emergency codes to log in and then disable 2-step authentication.

If you use Microsoft Services, they also support their own form of two-factor authentication, and they have their own application. Microsoft's program works a little differently and in some respects it is better, but it requires that you be on a cellular network. If you use both Microsoft and Google, you will use two separate applications. When Facebook has theirs, you will need three.

Related articles:
Keyliner: Gmail Protection Steps
Keyliner: Better, Stronger Safer Passwords
Keyliner: Your Gmail account has been hacked
GRC's Password Haystack (why a complicated password is not enough)

Google Account Compromised
Google has these instructions if your account was hacked and the password was changed: