Google Authenticator: how does it work?

At work, you saw a colleague log into his Google account in a way that was “strange” to you: after entering his username and password, he launched an app on his phone, generating a code that allowed him to complete the login. Interested in this particular security system, you asked about it: the co-worker explained that he had previously enabled two-step Google verification and needed to use the Google Authenticator app for secure access. Once home, you decided to satisfy your curiosity, so you opened Google looking for information on how Google Authenticator works, and ended up on my guide. You couldn’t have come to a better place! In the following lines, we’ll actually explain what two-factor authentication is and how to use the app in question to achieve it.

Preliminary information

Google Authenticator is a code generator to be used to complete the two-factor authentication process, or two-step verification, or even 2FA, supported by a growing number of websites and web services. For your information, two-factor authentication is an additional level of protection provided by many portals and services: it combines the entry of a username and password with that of a disposable code generated “on the fly” by a specific application (such as Google Authenticator), received via SMS, email or other communication methods that can identify the real owner of the account. Contrary to what you might think, the operation of two-factor authentication is very simple: first of all, you need to activate and properly configure the additional security settings, indicating the application or the means of receiving the code, through the appropriate panel on the site of interest. In general, when the two-step verification is activated, all the accesses made by the different devices are revoked and must be reactivated. During the next login, once you have entered the username and password to access the site or service you wish to use, the user is prompted to generate and enter the security code to proceed to the second authentication step. At this point, it is enough to launch the specific application to create it, or to confirm its sending by SMS, e-mail or other communication channel. Finally, just enter the generated code in the text field, press the button to log in and, if necessary, authorize the device also for future logins, so you don’t have to repeat the two-factor authentication. The Google Authenticator app can be used to generate the disposable codes to be used for Gmail two-step verification, but not only that: most sites and services for which two-step verification is available support authentication via Google Authenticator.

How does the Google Authenticator application work?

You must first activate the 2-step validation for your Google account with your phone number. You can follow this tutorial to get the steps to do. Go to the 2-step validation configuration page and click on Use the application in front of the Google Authenticator icon. Google offers you a QR code (barcode) to scan from the Google Authenticator application. From your smartphone, open the Google Authenticator application. The first time you use the application, you have to add your account. Press on the “menu” icon and then on Set up an account. The application then prompts you to scan a barcode. This is the QR code displayed on the website of the 2-step validation offered on your computer. Point the camera of your smartphone at the QR code displayed on the computer. To complete the association of the phone with your computer, a validation code is displayed on your smartphone. You must enter it on your computer on the 2-step validation page and click on Validate. Click on Save to finish the configuration. The application is now correctly set up. To use it, simply open it and fill in the code proposed when you connect to your Google account. This code is updated regularly. Google Authenticator simplifies the use of the 2-step validation when connecting to a Google account. The tool also works with third-party applications like LastPass.

How to set up your Google Analytics account?
Practical tools for tracking Google rankings