How to Use Google Authenticator with Android
If you are not using a reliable login protection mechanism such as the Google Authenticator mobile app, you are leaving your accounts at risk of breach or even theft. Let's see how simple the remedy is.
Why Use Google Authenticator?
Even impossible-to-guess or hard-to-crack passwords are not enough on their own to secure your online accounts in today's world, where technology is advancing rapidly for bad and potentially hurtful uses as well as good and useful ones. You may have the world's strongest password, but if it is stolen somehow, you can almost always say a permanent goodbye to your account and to all the information, files and financial assets, if any, within it.
Here is where Google Authenticator comes into play: it acts as a second, and more powerful, measure (compared to having a strong password) for protecting your online accounts, adding one more level of assurance that nobody other than you can access them without your authorization. Especially for financial websites, such as banks, exchanges and payment platforms, where you control your money or other types of commodities, protection of this nature is necessary.
How Does Google Authenticator Work?
Basically, you download and install the Google Authenticator app on your phone or tablet, then you activate 2FA (Two-Factor Authentication) on the website where you want to protect your account. After that, whenever you log in to your account on that website, it will ask you, after you enter your username and password, for the code shown by the authenticator app on your device.
In other words, it functions as a 2-step verification system, or 2 layers of security, the first one being your username-password combination, and the second one being the authenticator code. Without that code, even if someone was able to steal your login credentials, unless they also have your phone, the chances of them logging in to your account will be close to zero. Why not exactly "zero", I'll explain later.
Now, let's see each step in detail below.
STEP 1: Download the Google Authenticator App to Your Android Device
First things first: You need to download the Google Authenticator app to your Android phone or tablet, or both if you intend to use it on both of your devices. Actually, it may be safer to have it on more than one of your devices where the same Google Account is active, in case one of your devices is lost or stolen.
On your phone or tablet, open Play Store. Type "Google Authenticator" in the search box and click the search button. Once the app page is opened (make sure it says "Google LLC" under the app title), click the Install button to start the download and installation process. Click Accept when it asks for access to your Camera. I don't know why it needs camera access; I believe it may be for an upcoming feature.
Here is the URL of the Google Authenticator app, in case you might want to get familiar with it before installing:
STEP 2: Activate 2FA for Google Authenticator on the Website
In order to protect your account with Google Authenticator on a website, the website must offer a two-factor authentication option for Google Authenticator. Make sure that the website of your account has it. Nowadays, a growing number of major websites do have it, particularly financial websites. It can usually be found on the account settings or security settings page.
Every website may have a different interface and settings flow; therefore, rather than sharing screenshots of how to enable it on a certain website, we will briefly describe how it works in general.
1. Open the Two-Factor Authentication settings page of the website. It will display a QR code and an account token key. On your phone, open the Google Authenticator app and click the Begin button.
The Add an Account page will appear, with two options: Scan a barcode and Enter a provided key. Remember to note down the account token key, as you may need it at a later time with the Enter a provided key option, in case you lose your phone or uninstall the Google Authenticator app afterwards.
2. If you opened the website on a computer, select the Scan a barcode option and point your phone's camera at the QR code on the screen. It will provide you with a temporary 6-digit key on your phone. Enter that key on the website where it asks for the 2FA code. If you opened the website on your phone, select the Enter a provided key option and enter the account token key the website provided next to the QR code.
3. Depending on the website's other security settings, they may send you either an email or an SMS to confirm 2FA activation on your account.
Following the above steps, you can add as many website logins as you want to your GA app.
How to Use Google Authenticator Token During Login
After securing your account on a website with 2FA, you will use the Google Authenticator app in addition to your username and password at every login. The login flow will be as follows:
1. Open the Google Authenticator app on your phone. You will see a blue circle timer like the following, next to your website account entry:
2. Open the website where you will log in and enter your login credentials. Press the Log In button when there is enough time on the blue circle timer.
3. Click the Log In button, and enter the code the app provides (065919 in the above example).
This code changes about every 20 seconds, and if you do not type it fast enough after entering your login credentials, it will not work. You will simply need to try again.
Now, the only way for someone who has your login credentials to get into your account without having your phone is to quickly and correctly guess the 6-digit 2FA code the app produces. Though it is not impossible, it is highly unlikely. That's why I said above that the chance is close to zero, and not totally zero.
Other Uses of Google Authenticator
Google Authenticator is not only good for protecting logins. It can be used for any critical account, security or finance-related action, such as changing passwords, generating API keys, confirming money transfers or withdrawals, changing sensitive account settings and more.