Quick Links

Google Authenticator protects your Google account from keyloggers and password theft. With two-factor authentication, you'll need both your password and an authentication code to log in. The Google Authenticator app runs on Android, iPhone, iPod, iPad and BlackBerry devices.

Related: Here's Why You Should Use Two-Factor Authentication (2FA)

We've mentioned using two-factor authentication with a text or voice message in the past, but the Google Authenticator app can be more convenient. It displays a code that changes every thirty seconds. The code is generated on your device, so you can use the app even if your device is offline.

Activating Two-Step Authentication

Go to the account settings page and log in to your Google account. Under Sign-in & security, click the "Signing in to Google" link.

01_clicking_signing_in_to_google

In the Password & sign-in method section, click "2-Step Verification".

02_clicking_2step_verification

An introductory screen displays telling us about 2-Step Verification. Click "Get Started" to continue.

03_clicking_get_started

Enter your password for your Google account and press Enter or click "Sign in".

04_entering_password

Google makes us set up phone-based verification, even though we'll be using the app. The phone number we enter now will become our backup phone number later. You can receive the code via a text message or voice phone call. Click "Try It" to send a code to your phone.

05_how_do_you_want_to_get_codes

If you have notifications set up for text messages on your phone, you'll see a notification pop up with the verification code.

06_google_verification_code_on_phone

If you don't have notifications enabled for text messages, you can go into your text messaging app and view the verification code there.

07_google_verification_code_in_messages

After receiving the verification code, enter it on the Confirm that it works screen and click "Next".

08_confirm_that_it_works

You should see a screen telling you that it worked. Click "Turn On" to finish turning on 2-step verification.

09_clicking_turn_on

So far, the Voice or text message is the default second step. We'll change that in the next section.

10_default_voice_or_text_message

Now, log out of your Google account and then log back in. You'll be asked to enter your password...

11_entering_password_for_account

...and then you will receive a text message with a 6-digit code just like before. Enter that code on the 2-Step Verification screen that displays.

12_entering_verification_code

Enabling Google Authenticator

Now that we've turned on 2-Step Verification and connected your phone to your Google account, we'll set up Google Authenticator. On the 2-Step Verification page in your browser, click "Setup" under Authenticator app.

13_clicking_setup_for_authenticator_app

On the dialog box that displays, select the type of phone you have and click "Next".

14_what_kind_of_phone

The "Set up Authenticator" screen displays with a QR code, or bar code. We need to scan this with the Google Authenticator app...

15_set_up_authenticator_qr

...so, now install the Google Authenticator app on your phone and then open the app.

16_opening_authenticator_app

On the main Authenticator screen, tap the plus sign at the top.

17_clicking_plus_sign

Then, tap "Scan barcode" on the popup at the bottom of the screen.

18_tapping_scan_barcode

You camera is activated and you'll see a green box. Aim that green box at the QR code on your computer screen. The QR code is automatically read.

19_scanning_barcode_on_phone

You'll see your newly added Google account in the Authenticator app. Note the code for the account you just added.

20_google_account_added_to_authenticator_app

After adding the account to Google Authenticator, you'll have to type in the generated code. If the code is about to expire, wait for it to change so you have enough time to type it.

Now, go back to your computer and click "Next" on the Set up Authenticator dialog box.

20a_clicking_next_on_set_up_authenticator

Enter the code from the Authenticator app on the Set up Authenticator dialog box and click "Verify".

21_enter_code_from_authenticator_app

The Done dialog box displays. Click "Done" to close it.

22_clicking_done

The Authenticator app is added to the list of second verification steps and becomes the default.

23_authenticator_app_added

The phone number you entered earlier becomes your backup phone number. You can use this number to receive an authentication code if you ever lose access to the Google Authenticator app or reformat your device.

Logging In

The next time you sign in, you'll have to provide the current code from your Google Authenticator app, in the same way you provided the code you received in a text message earlier in this article.

23a_entering_verification_code

Related: How to Use the Notion App to Boost Productivity

Generating and Printing Backup Codes

Google offers printable backup codes you can log in with, even if you lose access to both your mobile application and backup phone number. To set up these codes, click "Setup" under Backup codes in the Set up alternative second step section.

24_clicking_setup_for_backup_codes

The Save your backup codes dialog box displays with a list of 10 backup codes. Print them out and keep them safe--you'll be locked out of your Google account if you lose all three authentication methods (your password, verification codes on your phone, and backup codes). Each backup code can only be used once.

25_save_backup_codes

If you backup codes have been compromised in any way, click "Get New Codes" to generate a new list of codes.

Now, you'll see Backup codes in the list under Your second step on the 2-Step Verification screen.

28_clicking_show_codes

Creating Application-Specific Passwords

Two-step authentication breaks email clients, chat programs and anything else that uses your Google account's password. You'll have to create an application-specific password for each application that doesn't support two-step authentication.

Back on the Sign-in & security screen, click "App passwords" under Password & sign-in method.

29_clicking_app_passwords

On the App passwords screen, click the "Select app" drop-down list.

30_clicking_select_app

Select an option from the Select app drop-down list. We selected "Other" so we can customize the name of the app password.

31_selecting_other

If you chose Mail, Calendar, Contacts, or YouTube, select the device from the "Select device" drop-down list.

31a_selecting_device

If you chose "Other" from the Select app drop-down list, the Select device drop-down list is skipped. Enter a name for the app for which you want to generate a password and then click "Generate".

32_clicking_generate

The Generated app password dialog box displays with an app password you can use to set up your Google account apps and programs, such as email, calendar, and contacts. Enter the provided password into the application rather than your standard password for this Google account. When you're finished entering the password, click "Done" to close the dialog box. You don't need to remember this password; you can always create a new one later.

33_generated_app_password

All the names of the app passwords you have generated are listed on the App passwords screen. If an app password gets compromised, you can revoke it on this page, by clicking "Revoke" next to the app name in the list.

34_clicking_revoke

On the Sign-in & security screen, under Password & sign-in method, the number of App passwords you've created is listed. You can click on App passwords again to create new passwords or revoke existing ones.

35_showing_one_password

These passwords grant access to your entire Google account and skip the two-factor authentication, so keep them safe.


The Google Authenticator app is open source and based on open standards. Other software projects, such as LastPass, have even started using Google Authenticator to implement their own two-factor authentication.

Related: How to Set Up Google’s New Code-Less Two-Factor Authentication

You can also set up Google's new code-less two-factory authentication for your account, if you would rather not enter a code.