Google Authenticator protects your Google account from keyloggers and password theft. With two-factor authentication, you’ll need both your password and an authentication code to log in. The Google Authenticator app runs on Android, iPhone, iPod, iPad and BlackBerry devices.
We’ve mentioned using two-factor authentication with a text or voice message in the past, but the Google Authenticator app can be more convenient. It displays a code that changes every thirty seconds. The code is generated on your device, so you can use the app even if your device is offline.
Activating Two-Step Authentication
First, click your email address or name at the top right corner of any Google page and select Account Settings.
Next, click the Edit link to the right of 2-Step Verification in the Security section.
Google makes us set up phone-based verification, even though we’ll be using the app. The phone number we enter now will become our backup phone number later. You can receive the code via a text message or voice phone call — after receiving it, enter the code and click Next to continue.
You’ll be asked whether you want to remember the computer or not. To minimize the hassle of two-step authentication, you can mark computers as trusted when you log in. If you do, you won’t have to enter an authentication code on that computer for the next 30 days.
The last screen activates two-factor authentication. You’ll be forced to log back in after activating it.
Enabling Google Authenticator
After logging back in, you can click your type of mobile device to start setting up Google Authenticator. (Click “Do This Later” if you’re asked to set up application-specific passwords at this point.)
The page provides instructions for downloading the Google Authenticator app on your device — on Android and iPhone, you can get it from the Market or App Store.
After launching the app, you can use the Scan a Barcode feature and scan the QR code from your screen or click the “Can’t scan the barcode?” link on the page and use the Manually Add Account feature to type it in.
After adding the account to Google Authenticator, you’ll have to type in the generated code. If the code is about to expire, wait for it to change before starting to type it.
After it’s verified, click the “Save” button.
The phone number you entered earlier becomes your backup phone number. You can use this number to receive an authentication code if you ever lose access to the Google Authenticator app or reformat your device.
Printing Backup Codes
Google offers printable backup codes you can log in with, even if you lose access to both your mobile application and backup phone number.
Print them out and keep them safe — you’ll be locked out of your Google account if you lose all three authentication methods.
Each code can only be used once, and all existing codes will become invalid if you click the “Generate New Codes” button.
Creating Application-Specific Passwords
Two-step authentication breaks email clients, chat programs and anything else that uses your Google account’s password. You’ll have to create an application-specific password for each application that doesn’t support two-step authentication.
Provide a name for each application to create a password for it.
Enter the provided password into the application. You don’t need to remember this password; you can always create a new one later.
These passwords grant access to your entire Google account and skip the two-factor authentication, so keep them safe. You can revoke them from this page if they’re ever compromised.
The next time you sign in, you’ll have to provide the current code from your Google Authenticator app.
The Google Authenticator app is open source and based on open standards. Other software projects, such as LastPass, have even started using Google Authenticator to implement their own two-factor authentication.
Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.
- Published 02/8/12