How-To Geek

How to Secure Your Google Account with Google Authenticator


Google Authenticator protects your Google account from keyloggers and password theft. With two-factor authentication, you’ll need both your password and an authentication code to log in. The Google Authenticator app runs on Android, iPhone, iPod, iPad and BlackBerry devices.

We’ve mentioned using two-factor authentication with a text or voice message in the past, but the Google Authenticator app can be more convenient. It displays a code that changes every thirty seconds. The code is generated on your device, so you can use the app even if your device is offline.

Activating Two-Step Authentication

First, click your email address or name at the top right corner of any Google page and select Account Settings.

Next, click the Edit link to the right of 2-Step Verification in the Security section.

Google makes us set up phone-based verification, even though we’ll be using the app. The phone number we enter now will become our backup phone number later. You can receive the code via a text message or voice phone call — after receiving it, enter the code and click Next to continue.

You’ll be asked whether you want to remember the computer or not. To minimize the hassle of two-step authentication, you can mark computers as trusted when you log in. If you do, you won’t have to enter an authentication code on that computer for the next 30 days.

The last screen activates two-factor authentication. You’ll be forced to log back in after activating it.

Enabling Google Authenticator

After logging back in, you can click your type of mobile device to start setting up Google Authenticator. (Click “Do This Later” if you’re asked to set up application-specific passwords at this point.)

The page provides instructions for downloading the Google Authenticator app on your device — on Android and iPhone, you can get it from the Market or App Store.

 

After launching the app, you can use the Scan a Barcode feature and scan the QR code from your screen or click the “Can’t scan the barcode?” link on the page and use the Manually Add Account feature to type it in.

After adding the account to Google Authenticator, you’ll have to type in the generated code. If the code is about to expire, wait for it to change before starting to type it.

After it’s verified, click the “Save” button.

The phone number you entered earlier becomes your backup phone number. You can use this number to receive an authentication code if you ever lose access to the Google Authenticator app or reformat your device.

Printing Backup Codes

Google offers printable backup codes you can log in with, even if you lose access to both your mobile application and backup phone number.

Print them out and keep them safe — you’ll be locked out of your Google account if you lose all three authentication methods.

Each code can only be used once, and all existing codes will become invalid if you click the “Generate New Codes” button.

Creating Application-Specific Passwords

Two-step authentication breaks email clients, chat programs and anything else that uses your Google account’s password. You’ll have to create an application-specific password for each application that doesn’t support two-step authentication.

Provide a name for each application to create a password for it.

Enter the provided password into the application. You don’t need to remember this password; you can always create a new one later.

These passwords grant access to your entire Google account and skip the two-factor authentication, so keep them safe. You can revoke them from this page if they’re ever compromised.

Logging In

The next time you sign in, you’ll have to provide the current code from your Google Authenticator app.


The Google Authenticator app is open source and based on open standards. Other software projects, such as LastPass, have even started using Google Authenticator to implement their own two-factor authentication.

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.

  • Published 02/8/12

Comments (12)

  1. TheUnknownOne

    Hi

    I wondered, do you have to pay every time you receive this code? Or is this a free service provided by Google?

  2. metallikris

    You should not leave the QR code displayed in the clear =/

  3. @TheUnknownOne

    Yes, it’s free. After enabling this two-factor method, my account was hacked. So I can bet it is a worthless service.

  4. DeftBeast

    If you don’t want your email address to be public knowledge, you may want to change the QR code in picture.

  5. Jamie

    I agree, metallikris. HTG, unless you (hopefully) modified the QR code, you should blur it in the sample above.

  6. Chris Hoffman

    @Everyone

    I used a throwaway email address for this article, so it doesn’t matter. I’ll blur it anyway, but it’s no big deal.

    @TheUnknownOne

    Google Authenticator is free. If you use the method where Google sends you codes via text message, your cell phone carrier may charge you for receiving the texts.

  7. Michael Cook

    Interesting dilemma: If I don’t download the Authenticator to my Android phone BEFORE I turn on 2 step Authentication, my phone will no longer let me use my gmail password to access the Market.

  8. Chris Hoffman

    @Michael Cook

    I never had this problem, but that’s very interesting.

    Don’t worry — you can also set up an application-specific password before enabling Google Authenticator support.

    For the sake of simplicity, I left that until later in this article. But it can be done first.

  9. metallikris

    @Chris Hoffman

    Oh ok that’s right so =)
    And as a tip, you can rename the account with a long press on the account =)

  10. JD Rosen

    Phone and phone costs dependent, worthless waste of time.

  11. DG

    From a non-techie: If one has constant email/wireless access via their service provider, will they repeatedly need to enter a code to receive Gmail on an iPhone, or once it is entered do emails just flow as normal?

  12. Chris Hoffman

    @DG

    Hi DG,

    You’ll have to set up an application-specific password for your iPhone. We show you how to do that in the article.

    After you set up an application-specific password, you’ll only have to enter it once. Emails will flow normally.
