Google Authenticator: a reader asks…
About this 2-factor authentication. Google tells me to use their app Google Authenticator. Can you give me a quick primer on using it with a website login?
Sure! First off let me applaud you for considering using 2-factor authentication. The standard username/password combo has proven itself to be inadequate for even basic security. Most folks simply won’t use strong and unique passwords to secure their online accounts. I’m not saying that 2-factor authentication is perfect, but it’s a darn sight better than your email address and your dog’s name.
For a website that offers 2-factor authentication, usually your choices are to get a text message or to use a code-generator app like Google Authenticator. Text messages are easier to set up, but if you take just an extra minute or two, the app can make your login chores much easier. First thing is to download and install the Google Authenticator app on your smartphone. On your smartphone, click one of these links to get started:
- Google Play Store (for Android-powered smartphones)
- Apple App Store (for iPhones and iPads)
- Blackberry (way too complicated, use text messaging)
Let’s do this in front of your computer (and with it and your smartphone). First, visit the website that offers 2-factor authentication. Navigate to the setup area (wildly different for different sites). At this point you’re going to have two choices:
- a barcode or QR-code is displayed
- a secret key code (alphanumeric) is displayed.
Now that you have the app installed, tap the plus icon on your smartphone at the top-right to add a new entry. If you don’t have any entries yet, you may only see the pencil icon so tap that. You’ll have two options on your smartphone screen, to either scan the barcode/QR-code or manual entry. Tap the entry corresponding to your computer’s screen display. If you can see a barcode, choose Scan barcode and your smartphone’s camera will be activated. Point it at the computer screen displaying the barcode/QR-code and it should recognize the entry and fill in the details for you. If manual entry, you’ll have to tap in the username and secret key code in the space provided. The time-based slider should be turned on.
Sometimes barcodes or QR-codes don’t work, in which case you’ll have to resort to the manual entry method. But the result is that you’ll get an entry on your smartphone screen with a six-digit code that changes every minute. Once you’ve turned this feature on for the website, you’ll need to use the current code along with your username and password to access the website. Remember that passwords (and secret codes) are usually a mix of upper and lower-case letters and numbers. Hopefully you’ll have an easier time with them as most webmasters will at least try not to use confusing characters like zeros and the letter o, eights and a capital B, etc.
Where this handy app falls down is if you have a lot of websites with 2-factor authentication turned on. Then you have a long list of sites in the app to scroll through and find the right one. The app will let you re-order the list (using the pencil icon), but it can still be a bit unwieldy to use. I use a mix of Google Authenticator and text message authentication codes, which keeps things manageable. Especially since not all websites will work with the Google Authenticator.