How-To Geek

How to Secure Your Google Account with Google Authenticator


Google Authenticator protects your Google account from keyloggers and password theft. With two-factor authentication, you’ll need both your password and an authentication code to log in. The Google Authenticator app runs on Android, iPhone, iPod, iPad and BlackBerry devices.

We’ve mentioned using two-factor authentication with a text or voice message in the past, but the Google Authenticator app can be more convenient. It displays a code that changes every thirty seconds. The code is generated on your device, so you can use the app even if your device is offline.

Activating Two-Step Authentication

Go to the account settings page and log in to your Google account. Under Sign-in & security, click the “Signing in to Google” link.


In the Password & sign-in method section, click “2-Step Verification”.


An introductory screen displays telling us about 2-Step Verification. Click “Get Started” to continue.


Enter your password for your Google account and press Enter or click “Sign in”.


Google makes us set up phone-based verification, even though we’ll be using the app. The phone number we enter now will become our backup phone number later. You can receive the code via a text message or voice phone call. Click “Try It” to send a code to your phone.


If you have notifications set up for text messages on your phone, you’ll see a notification pop up with the verification code.


If you don’t have notifications enabled for text messages, you can go into your text messaging app and view the verification code there.


After receiving the verification code, enter it on the Confirm that it works screen and click “Next”.


You should see a screen telling you that it worked. Click “Turn On” to finish turning on 2-step verification.


So far, the Voice or text message is the default second step. We’ll change that in the next section.


Now, log out of your Google account and then log back in. You’ll be asked to enter your password…


…and then you will receive a text message with a 6-digit code just like before. Enter that code on the 2-Step Verification screen that displays.


Enabling Google Authenticator

Now that we’ve turned on 2-Step Verification and connected your phone to your Google account, we’ll set up Google Authenticator. On the 2-Step Verification page in your browser, click “Setup” under Authenticator app.


On the dialog box that displays, select the type of phone you have and click “Next”.


The “Set up Authenticator” screen displays with a QR code, or bar code. We need to scan this with the Google Authenticator app…


…so, now install the Google Authenticator app on your phone and then open the app.


On the main Authenticator screen, tap the plus sign at the top.


Then, tap “Scan barcode” on the popup at the bottom of the screen.


Your camera is activated and you’ll see a green box. Aim that green box at the QR code on your computer screen. The QR code is automatically read.


You’ll see your newly added Google account in the Authenticator app. Note the code for the account you just added.


After adding the account to Google Authenticator, you’ll have to type in the generated code. If the code is about to expire, wait for it to change so you have enough time to type it.

Now, go back to your computer and click “Next” on the Set up Authenticator dialog box.


Enter the code from the Authenticator app on the Set up Authenticator dialog box and click “Verify”.


The Done dialog box displays. Click “Done” to close it.


The Authenticator app is added to the list of second verification steps and becomes the default.


The phone number you entered earlier becomes your backup phone number. You can use this number to receive an authentication code if you ever lose access to the Google Authenticator app or reformat your device.

Logging In

The next time you sign in, you’ll have to provide the current code from your Google Authenticator app, in the same way you provided the code you received in a text message earlier in this article.


Generating and Printing Backup Codes

Google offers printable backup codes you can log in with, even if you lose access to both your mobile application and backup phone number. To set up these codes, click “Setup” under Backup codes in the Set up alternative second step section.


The Save your backup codes dialog box displays with a list of 10 backup codes. Print them out and keep them safe–you’ll be locked out of your Google account if you lose all three authentication methods (your password, verification codes on your phone, and backup codes). Each backup code can only be used once.


If your backup codes have been compromised in any way, click “Get New Codes” to generate a new list of codes.

Now, you’ll see Backup codes in the list under Your second step on the 2-Step Verification screen.


Creating Application-Specific Passwords

Two-step authentication breaks email clients, chat programs and anything else that uses your Google account’s password. You’ll have to create an application-specific password for each application that doesn’t support two-step authentication.

Back on the Sign-in & security screen, click “App passwords” under Password & sign-in method.


On the App passwords screen, click the “Select app” drop-down list.


Select an option from the Select app drop-down list. We selected “Other” so we can customize the name of the app password.


If you chose Mail, Calendar, Contacts, or YouTube, select the device from the “Select device” drop-down list.


If you chose “Other” from the Select app drop-down list, the Select device drop-down list is skipped. Enter a name for the app for which you want to generate a password and then click “Generate”.


The Generated app password dialog box displays with an app password you can use to set up your Google account apps and programs, such as email, calendar, and contacts. Enter the provided password into the application rather than your standard password for this Google account. When you’re finished entering the password, click “Done” to close the dialog box. You don’t need to remember this password; you can always create a new one later.


All the names of the app passwords you have generated are listed on the App passwords screen. If an app password gets compromised, you can revoke it on this page, by clicking “Revoke” next to the app name in the list.


On the Sign-in & security screen, under Password & sign-in method, the number of App passwords you’ve created is listed. You can click on App passwords again to create new passwords or revoke existing ones.


These passwords grant access to your entire Google account and skip the two-factor authentication, so keep them safe.


The Google Authenticator app is open source and based on open standards. Other software projects, such as LastPass, have even started using Google Authenticator to implement their own two-factor authentication.

You can also set up Google’s new code-less two-factor authentication for your account, if you would rather not enter a code.

Lori Kaufman is a writer who likes to write geeky how-to articles to help make people's lives easier through the use of technology. She loves watching and reading mysteries and is an avid Doctor Who fan.


Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.

  • Published 02/8/12

Comments (12)

  1. TheUnknownOne

    Hi

    I wondered do you have to pay every time you receive this code? Or is this a free service provided by Google?

  2. metallikris

    You should not let the QR code displayed in clear =/

  3. @TheUnknownOne

    Yes, it’s free. After enabling this two-factor method, my account was hacked. So I can bet it is a worthless service

  4. DeftBeast

    If you don’t want your email address to be public knowledge, you may want to change the QR code in picture.

  5. Jamie

    I agree metallikris. HTG, unless you (hopefully) modified the QR code, you should blur it in the sample above.

  6. Chris Hoffman

    @Everyone

    I used a throwaway email address for this article, so it doesn’t matter. I’ll blur it anyway, but it’s no big deal.

    @TheUnknownOne

    Google Authenticator is free. If you use the method where Google sends you codes via text message, your cell phone carrier may charge you for receiving the texts.

  7. Michael Cook

    Interesting dilemma: If I don’t download the Authenticator to my Android phone BEFORE I turn on 2 step Authentication, my phone will no longer let me use my gmail password to access the Market.

  8. Chris Hoffman

    @Michael Cook

    I never had this problem, but that’s very interesting.

    Don’t worry — you can also set up an application-specific password before enabling Google Authenticator support.

    For the sake of simplicity, I left that until later in this article. But it can be done first.

  9. metallikris

    @Chris Hoffman

    Oh ok that’s right so =)
    And for tips, you can rename the count with push longer on the account =)

  10. JD Rosen

    Phone and phone costs dependent, worthless waste of time.

  11. DG

    From a non-techie: If one has constant email/wireless access via their service provider, will they repeatedly need to enter a code to receive gmails to iPhone, or once is entered then emails just flow as normal?

  12. Chris Hoffman

    @DG

    Hi DG,

    You’ll have to set up an application-specific password for your iPhone. We show you how to do that in the article.

    After you set up an application-specific password, you’ll only have to enter it once. Emails will flow normally.
