Definition

Google Authenticator

Contributor(s): Ivy Wigmore

Google Authenticator is a mobile security application based on two-factor authentication (2FA) that helps to verify user identities before granting them access to websites and services. 

Two-factor authentication makes it less likely that an intruder can masquerade as an authorized user. Authentication factors are categories of credentials used to verify that someone or something is who or what they are declared to be. There are three categories: Knowledge factors are credentials that the user knows, typically a user name and password; possession factors are things that the user has, typically a mobile phone; and inherence factors are things that the user is, typically a biometric characteristic such as a fingerprint or an iris pattern.

How does Google Authenticator work?
Authenticator works for any site or service that has enabled two-factor authentication. Like most web-based 2FA applications, the system combines knowledge and possession features. To access websites or web-based services, the user types in his normal username and password and then enters a one-time passcode (OTP) that was delivered to his device, triggered by the login. That combination verifies that the same person entering login data on the site is in possession of the device to which the Google Authenticator app was downloaded. 

Passwords may be easy to crack or otherwise steal but because the vast majority of exploits are conducted via the Internet, it is unlikely that the hacker also has access to the user's physical device.

The Authenticator app is based on the time-based one-time password (TOTP) system specified in the IETF's RFC 6238 document. The TOTP algorithm generates a six-digit passcode that factors in the current time of day to ensure that each passcode is unique. Passcodes are changed every 30-60 seconds for further security. 

See a video demonstration of setting up Google Authenticator:

This was last updated in December 2014

Continue Reading About Google Authenticator

Dig Deeper on Web authentication and access control

PRO+

Content

Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

Extensiones de Documento y Formatos de Documento

Accionado por:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close