Google Authenticator protects your Google account from keyloggers and password theft. With two-factor authentication, you’ll need both your password and an authentication code to log in. The Google Authenticator app runs on Android, iPhone, iPod, iPad and BlackBerry devices.

We’ve mentioned using two-factor authentication with a text or voice message in the past, but the Google Authenticator app can be more convenient. It displays a code that changes every thirty seconds. The code is generated on your device, so you can use the app even if your device is offline.

Activating Two-Step Authentication

Go to the account settings page and log in to your Google account. Under Sign-in & security, click the “Signing in to Google” link.

In the Password & sign-in method section, click “2-Step Verification”.

An introductory screen displays telling us about 2-Step Verification. Click “Get Started” to continue.

Enter your password for your Google account and press Enter or click “Sign in”.

Google makes us set up phone-based verification, even though we’ll be using the app. The phone number we enter now will become our backup phone number later. You can receive the code via a text message or voice phone call. Click “Try It” to send a code to your phone.

If you have notifications set up for text messages on your phone, you’ll see a notification pop up with the verification code.

If you don’t have notifications enabled for text messages, you can go into your text messaging app and view the verification code there.

After receiving the verification code, enter it on the Confirm that it works screen and click “Next”.

You should see a screen telling you that it worked. Click “Turn On” to finish turning on 2-step verification.

So far, the Voice or text message is the default second step. We’ll change that in the next section.

Now, log out of your Google account and then log back in. You’ll be asked to enter your password…

…and then you will receive a text message with a 6-digit code just like before. Enter that code on the 2-Step Verification screen that displays.

Enabling Google Authenticator

Now that we’ve turned on 2-Step Verification and connected your phone to your Google account, we’ll set up Google Authenticator. On the 2-Step Verification page in your browser, click “Setup” under Authenticator app.

On the dialog box that displays, select the type of phone you have and click “Next”.

The “Set up Authenticator” screen displays with a QR code, or bar code. We need to scan this with the Google Authenticator app…

…so, now install the Google Authenticator app on your phone and then open the app.

On the main Authenticator screen, tap the plus sign at the top.

Then, tap “Scan barcode” on the popup at the bottom of the screen.

You camera is activated and you’ll see a green box. Aim that green box at the QR code on your computer screen. The QR code is automatically read.

You’ll see your newly added Google account in the Authenticator app. Note the code for the account you just added.

After adding the account to Google Authenticator, you’ll have to type in the generated code. If the code is about to expire, wait for it to change so you have enough time to type it.

Now, go back to your computer and click “Next” on the Set up Authenticator dialog box.

Enter the code from the Authenticator app on the Set up Authenticator dialog box and click “Verify”.

The Done dialog box displays. Click “Done” to close it.

The Authenticator app is added to the list of second verification steps and becomes the default.

The phone number you entered earlier becomes your backup phone number. You can use this number to receive an authentication code if you ever lose access to the Google Authenticator app or reformat your device.

Logging In

The next time you sign in, you’ll have to provide the current code from your Google Authenticator app, in the same way you provided the code you received in a text message earlier in this article.

RELATED: How to Use the Notion App to Boost Productivity

Generating and Printing Backup Codes

Google offers printable backup codes you can log in with, even if you lose access to both your mobile application and backup phone number. To set up these codes, click “Setup” under Backup codes in the Set up alternative second step section.

The Save your backup codes dialog box displays with a list of 10 backup codes. Print them out and keep them safe–you’ll be locked out of your Google account if you lose all three authentication methods (your password, verification codes on your phone, and backup codes). Each backup code can only be used once.

If you backup codes have been compromised in any way, click “Get New Codes” to generate a new list of codes.

Now, you’ll see Backup codes in the list under Your second step on the 2-Step Verification screen.

Creating Application-Specific Passwords

Two-step authentication breaks email clients, chat programs and anything else that uses your Google account’s password. You’ll have to create an application-specific password for each application that doesn’t support two-step authentication.

Back on the Sign-in & security screen, click “App passwords” under Password & sign-in method.

On the App passwords screen, click the “Select app” drop-down list.

Select an option from the Select app drop-down list. We selected “Other” so we can customize the name of the app password.

If you chose Mail, Calendar, Contacts, or YouTube, select the device from the “Select device” drop-down list.

If you chose “Other” from the Select app drop-down list, the Select device drop-down list is skipped. Enter a name for the app for which you want to generate a password and then click “Generate”.

The Generated app password dialog box displays with an app password you can use to set up your Google account apps and programs, such as email, calendar, and contacts. Enter the provided password into the application rather than your standard password for this Google account. When you’re finished entering the password, click “Done” to close the dialog box. You don’t need to remember this password; you can always create a new one later.

All the names of the app passwords you have generated are listed on the App passwords screen. If an app password gets compromised, you can revoke it on this page, by clicking “Revoke” next to the app name in the list.

On the Sign-in & security screen, under Password & sign-in method, the number of App passwords you’ve created is listed. You can click on App passwords again to create new passwords or revoke existing ones.

These passwords grant access to your entire Google account and skip the two-factor authentication, so keep them safe.

The Google Authenticator app is open source and based on open standards. Other software projects, such as LastPass, have even started using Google Authenticator to implement their own two-factor authentication.

RELATED: How to Make LastPass Even More Secure with Google Authenticator

You can also set up Google’s new code-less two-factory authentication for your account, if you would rather not enter a code.

Profile Photo for Lori Kaufman Lori Kaufman
Lori Kaufman is a technology expert with 25 years of experience. She's been a senior technical writer, worked as a programmer, and has even run her own multi-location business.
Read Full Bio »
Profile Photo for Chris Hoffman Chris Hoffman
Chris Hoffman is Editor-in-Chief of How-To Geek. He's written about technology for over a decade and was a PCWorld columnist for two years. Chris has written for The New York Times and Reader's Digest, been interviewed as a technology expert on TV stations like Miami's NBC 6, and had his work covered by news outlets like the BBC. Since 2011, Chris has written over 2,000 articles that have been read more than one billion times---and that's just here at How-To Geek.
Read Full Bio »