Google Authenticator Rocks

OK, “Google Authenticator” is actually the name of the smartphone apps provided by Google. What is it all about? It’s two-factor authentication, similar to what banks use to authenticate users when they log in or perform transactions. Corporate users might also have the same security method, using a smart card or RSA SecurID to log in to machines or connect to a VPN.

The basic idea is simple: you need both your password and the code provided by the app, so that if your password is compromised, the malicious user will still not be able to log into your account. Plus, you’ll always have your phone with you, so you will have this code when you need it.

Here’s what the app looks like on the iPhone:

The code changes in a few seconds (there’s a timer pie on the left that moves to show how long the code will stay).

This 6-digit code will be asked for when you log in to Google services from the web browser. Don’t worry, it will not be every time if you select the option to remember trusted machines. It’ll be remembered for 30 days and after that I think it will be asked again (I have just started using it today so I am just guessing the behavior).

Before you Begin

If you use Google services in various places such as mobile applications (e.g. Google Mobile App), desktop applications (e.g. Google Talk), and other places where two-factor verification isn’t coded yet, you will need some time to set up application-specific passwords for each of them so that they will still work. More on this below.

How To Start

It’s easy to activate. Navigate to https://www.google.com/accounts/SmSAuthconfig and follow the on-screen instructions.

Official step-by-step instructions from Google are available here.

It’s a very simple and quick process. Once activated, all other applications not using two-factor authentication will automatically be denied access (login fails), and they need to use the application-specific passwords discussed below.

What if I lose my smart phone?

Google thought of everything. Upon signing up, you will receive 10 emergency codes to keep safe. These codes need to be kept securely, but accessible, for example in your wallet. Each of them can only be used one time.

You’ll also have the option to use a backup phone number for an emergency code to be sent to you via SMS or an automated voice service. Cool eh?

Application Specific Passwords

While setting up two-factor authentication takes maybe 2 or 3 minutes, entering application-specific passwords may take some time. They are each 12 characters in length. They are used for applications such as Thunderbird, Outlook, mobile mail, GTalk, IM+ mobile app, etc.; the list is endless.

But it’s not that painful, compared to the security it provides (says a paranoid man).

For pictures from other devices (BlackBerry and Android) please head here: TechCrunch: Google Rolls Out Two-Factor Authentication For Everyone. You Should Use It.

So what about you? Are you jumping on the bandwagon? You should. Tell me your experience below.