Don't worry, this site is still about Virtual Private Networks! But I also like to talk about things related to privacy. And passwords account for a good chunk of protecting your privacy online. Therefore I've decided to add one article about password protection and management. And I'll focus this time on a review about Google Two Factor authentication software, a.k.a. Google Authenticator.
Google Authenticator, the software token from the Big G
First of all, let's start with a word about Google Two-factor authentication (2FA). Or Google Two-step verification to be more accurate. While I'm sure you've already got some notifications about it, from one service or another, you may not have set it up yet. Because you don't know what this is about. Or maybe you think it looks too complicated.
But it's not. It's just an additional layer of protection you can implement when you want to sign in to a web service. And it requires a device with the Google Authenticator app that will dynamically generate a 6 digit number that is common to the user and the authentication system. So you use your login credentials (username and login), then you need to input the generated code to log in. That's it.
The main advantage is that no one can log in without your one-time password, even if the person has successfully stolen your credentials. And the code expires every few seconds for increased protection. Also, using Google Authenticator app ensures that you can connect even when your device is out of the coverage area. Because if you use Two-factor authentication with SMS, this is the main concern…
Google Authenticator: Pricing
As with most of their end-users applications and services, Google 2 factor authentication is free. So you can use it without spending anything, ever. And it doesn't only cover Google services. But all the websites which have enabled Two-factor authentication!
Summary sheet for Google Authenticator
|Multi-factor authentication||2-Step Verification|
|Algorithms||RFC 6238 and RFC 4226|
|Supported devices||Mobiles (Windows, iOS, Android)|
The Google Authenticator app in details
To transform your smartphone into a security token, there's not much to implement. And the interface is very minimalist, with only the mandatory information and features available.
They're almost nonexistent… Indeed, there's only the Time correction for codes, a troubleshooting feature, if your codes aren't working.
How to setup Google Authenticator?
The first step is to download and install the Google Authenticator app on your device. And you can find the app either on the Play Store, or on the App Store. Then you need to enable Two-factor authentication on the account you want to add to the app. Among the most popular websites, you can add:
And many more. As a rule, you just need to check in your account settings or privacy settings if you can enable Two-factor authentication. Let me show you how I've enabled it with Coinbase. I went to the Settings tab. And then I've selected the Security tab. First, you need to verify your phone number – this is mandatory on all websites.
And then, in the Two-Factor Authentication section, click on Enable Authenticator. First, you'll have to verify your phone number, again, by entering the code received by SMS. And click on Verify.
Now you've done the hardest part. And you can see a QR code displayed on the page (I've hidden mine for obvious reasons):
So take your device with the Google Authenticator app. And open the app. Click on the + icon, at the bottom right of the screen and select Scan a barcode. And the app will launch the camera to scan your barcode. You don't have anything to do but aim the crosshair on the QR code.
And you're almost done! You can now see the code the app is generating for your account. As I said, the code expires after a certain amount of time. And you can see its life expectancy on the right side; there's a countdown timer.
Finally, you need to enter the code from the app on the website, to verify it's working. And click on Enable. You now have a new 2FA account added in the app. And the next time you connect to Coinbase (or any other website), you'll need to use your login credentials and the code from the app.