Google Authenticator

You're really starting to run out of reasons to not use Google's two-step authentication. An update today to the Google Authenticator application adds the ability to turn on two-step authentication without having to scan a QR code or re-enter your password on the device. Quickier, easier, and more important than ever, folks.

If you've yet to turn on two-step authentication, you need to do so today. (And you'll also want this app.)

 

Reader comments

Google makes turning on two-step authentication even easier

26 Comments

I'll have to check it out. I originally used the 2-step verification when it was first released, but stopped due to the hassle. With the recent security problems I have seen come up I started using it again. I wish hotmail/outlook had something like this.

They're going to have to be careful they don't make this process too easy. While I'm all for making things more streamlined when they make it simple to authenticate they make it that much easier to break that authentication.

I use 2-step but get codes via SMS since I heard there were issues with the original app, guessing they've been resolved with v2?

Love the app. I've been using it for the past month, I've added dropbox to the authenticator, now facebook should get in on it.

Yep, yep. I've been using two-step and Authenticator since day one (more like day three, but anyway) with my first and current Android phone. A bit of an inconvenience to re-validate trust on various computers (work, home), and I had to reauthenticate my phone after the update, BUT ... two-step auth means my Drive contents and other Google-hosted apps data is protected.

No excuses, people. Get it. Be sure to set it up on your tablet as well as your phone, it's easiest to do when you have both in hand.

@Paleogirl2003 I've used Authenticator since December 2011, and not had any problems to speak of.

@Trevorz Wait ... Dropbox can use it? >:) Hit Dropbox's help, went to Settings, Security, (Two-step) Change ... done. But ... Dropbox gives you a backup code that you "save" somewhere, which invites users to save the backup code insecurely. I use Lastpass so no worries, but I wish they would use a two-step e-mail verification method instead. :P

this is excellent news!!!! the 2 step verification was annoying but a must have at the same time. now that they've smoothed things out, it will definitely be the best thing in terms of protection.

I wish that when you needed to authenticate, after entering in your password google sent a push notification to your device and you could just press (allow, or deny) Having to enter in a security key being displayed by an authenticated device just seems unnecessary.

i have yet to hear what you're supposed to do if you are away from home and traveling and lose your phone. the backup code is long, obscure, and hard to remember - which means you'll have to write it down and keep it with you - defeating the purpose and actually making even more of a security hole.

so for example if you're traveling to Hong Kong and your bags and phone gets lost/stolen - and you are locked out of your Gmail account - WTF are you going to do? now to make matters worse now only do you not have your phone - you have no access to your primary email account either - so you've lost your two major modes of communication. three if you use Google Voice.

I have a backup code printed out folded up on a tiny piece of paper in my wallet. I don't really feel it is much of security hole as any thief who were to take my wallet wouldn't have a clue what it was for.

Furthermore when you set it up it asks you for a trusted friends phone number so it can text them a backup code if you need it.

and what happens if your wallet gets lost/stolen too?

answer - you're left holding nothing but your dick in your hands.

this is going to be a risk no matter what 2-factor authentication you use. whether it be google or some kind of keychain code... if the device gets lost, you're screwed. If you're afraid of lockout overseas too far away from your backup phone number, then your only choice is to disable it. Maybe use a "overseas" email instead. Or give fastmail a whirl, they have various login methods (OTP, read only mode, etc).

When I first used 2-step is was more of a hassle/disaster than it was useful. I've heard of so many stories of people getting locked out of their accounts despite being the owner and having the auth program/codes.

I've been using two-factor authentication before Google became popular, so it's been a while, but Google makes it easier, and I am also using their library/code on my own Linux boxes for SSH authentication. I guess mine will get updated soon.

Thank you for the helpful write-up, Phil. I'm seriously considering this now.
Like others, I tried Google Authenticator in it's earlier days, and screwed myself over by not remembering what exactly I had done. I'm going to pay more attention this time. :-)

yeah, this app doesn't work for me either. I bought into the hype of 2 step authentication and I like it but this app doesn't work. I click on my account and it says to log in with a computer to complete the set up. It's already set up on my account....LAME

Yea, I've tried google's 2 step a few times, and I find that the two step authentication that Facebook and Blizzard use to be much more user friendly while still maintaining the security.

If Google's two step ever gets to the point of Facebook's or Blizzard's, I'll start using it again.

I want to use it. I know it's a good idea. But I can't fight the feeling that Google's going to make this a huge pain in the ass that causes more problems than it prevents. I've been kind of browsing the anecdotal evidence and what I'm finding is a 50/50 split between "gotta have it!" and "screwed me over!"

I'm just worried about how it'll work when flashing new ROM's. The last thing I want is a headache after flashing a new or updated ROM each time.

Surprised at the number of people having trouble setting this up on here... It's not so easy you can do it with your eyes closed, but it's certainly easy (my parents did it if that means anything :) )

Totally worth it, and for those worried about losing access, that can only really happen if you don't set it up right. For instance, if I lose my phone and I have google SMS me backup codes, I'll just port my phone number to another line. Problem solved, locked out for like 24 hours. That's a pretty extreme situation too...

You can also add backup phones, like a SO's device.

looks good so far. Just set it up and the code has randomly changed on the app several times. Great tool and happy birthday, Google