What is Google Authenticator?
Long gone are the days when nobody was aware of online threats and a simple password was enough to protect your accounts. Nowadays, an account without two-factor authentication (2FA) enabled is considered insecure. There are many authentication apps on the market, with Google Authenticator being the most popular one. Here’s what you need to know about it.
Why do you need two-factor authentication?
More than 40 billion records were exposed in data breaches in 2021, making it the worst year for cybersecurity ever. A significant part of these records are stolen passwords that ended up on the dark web. As we discuss in our dark web case study, hackers can make a lot of money selling your stolen data. If you use passwords to secure your accounts without any additional protection, you’re putting yourself at risk. Threat actors can buy a list of leaked or stolen credentials, and if your credentials are included, they could take over your accounts.
When you have 2FA enabled, the chances of exposing your accounts are much lower. Two-factor authentication means that after typing your password, you also need to authenticate yourself via a text message, token, or app.
While tokens and text messages have lost their credibility over the years, authentication apps are considered the most secure way of verifying your identity. Microsoft Authenticator, Authy, and Duo Mobile are a few well-known names on the authentication market. But let’s focus on Google Authenticator.
How does the Google Authenticator app work?
When you set up two-factor authentication on an account you want to protect with Google Authenticator, the app generates a six-digit code that you need to enter to log in. For security reasons, the code changes every 30 seconds, so you don’t have a lot of time to enter it. The app works on Android and iOS.
You can set up two-factor authentication with Google Authenticator on popular services like Gmail, Instagram, Facebook, Twitter, and LinkedIn. When you open the app, you can see all the services linked with your Google Authenticator account.
The app also allows you to transfer your connected accounts from your old smartphone to a new one, so you don’t need to set up everything from scratch.
Is Google Authenticator safe?
Google Authenticator is considered to be a safe app. However, two-factor authentication is not a panacea for all security ills, and Google Authenticator should also be used while keeping its limitations in mind .
The app itself is not secured with a password, so if your smartphone is stolen, wrongdoers can access your codes without any additional effort. While the chances this will happen to a regular person are low, a targeted attack on a high-net-worth individual may be more likely.
How to add an account to Google Authenticator
Before setting up Google Authenticator, go to the security settings of a service you want to protect with 2FA. Look for a QR code or a key, which you will need later for connecting with Authenticator.
- Go to the App Store or Play Store and install Google Authenticator.
- Open the app and tap “Get started.”
- Tap “Scan a QR code” or “Enter a setup key.”
- Scan/enter the code provided by your service provider.
- Your account will now be visible in your app. In order to add more accounts, tap the plus sign.
How to transfer codes to a new phone
On your old phone:
- Open the Google Authenticator app and tap the three dots in the upper right corner.
- Select “Transfer accounts.”
- Tap “Export accounts” and then confirm your identity.
- Select the account you want to transfer and tap “Next.” Your phone will show a QR code, which you will need to scan with your new device.
On your new phone:
- Open the Google Authenticator app and tap “Get started.”
- Tap “Import existing accounts?” in your app.
- Select “Scan QR code” and then scan the code generated by your old phone. That’s it.
3 secure ways to back up Google Authenticator
Google Authenticator doesn’t provide any backup options if you lose or break your smartphone. This means you won’t be able to access your accounts when logging in from an unrecognized device or browser. Here are three workarounds that may save you trouble in the future.
Copy backup codes
Most services that offer a 2FA option also provide users with backup codes. If you can’t authenticate yourself via Authenticator, you can enter the code and confirm your identity. However, this only works if you have copied the backup codes before and kept them in case something happens.
If you use 2FA on multiple services, it’s inconvenient to copy the codes for each of them. Keeping the codes on your computer or printing them is also not the best cybersecurity practice. A better option is to store them in an encrypted file vault like NordLocker.
Save Google Authenticator QR code
When you’re setting up your Google Authenticator, you can make a screenshot of the QR code. Make sure to use NordLocker or other encryption service to keep it from prying eyes. Storing this QR code in your email, notes, or gallery is not a good idea.
Use a programmable token
Programmable tokens work like authentication apps: they show you a code that you need to enter in order to identify yourself. While tokens are more secure than the methods mentioned above, it requires an extra effort to acquire a token and program it.
A handful of authentication apps like Authy offer cloud backup, making the code recovery process smoother.
Want to read more like this?
Get the latest news and tips from NordVPN.