In a world where even one-time passwords can be intercepted, using a two-factor authentication app is critical to account security.
In this article, you will learn how to use Google Authenticator.
Imagine a world in which any novice hacker could easily monitor your every move, listen to your calls, read your text messages, and empty your bank accounts in minutes, without even having to leave the house, and perhaps from a continent away.
Of course, there is no need to imagine it, because we live in such a world right now, owing to a security hole in a protocol called SS7 (Signaling System No. 7), which every country in the world uses in its mobile network.
For many years, hackers have been able to access text messages, phone calls, and location data with the help of this security hole alone, knowing nothing more than a mobile phone number.
In one case of text message interception, the hacker was able to easily access the “two-factor authentication” codes sent to the victim’s smartphone, posing a serious threat to the victim’s security.
Dynamic passwords sent via SMS were once thought to be the most secure option, but hackers can obtain these passwords through the security hole in the SS7 protocol or by other methods. Cybersecurity experts have therefore come up with a solution to protect two-factor authentication (2FA) codes.
With this solution, the dynamic password is no longer texted to the user. Instead, it is displayed on the phone by an application, and the only way for a hacker to access the code is physical access to the phone. Numerous applications have been developed in this area, but one of the safest and simplest is Google Authenticator, which this article introduces in full and explains how to use to protect your bank, email, and social network accounts.
What is Google Authenticator?
Two-factor authentication, as the name implies, is a method in which the user must provide a second factor, in addition to the usual password, to log in to an online account or application.
Cybersecurity experts divide authentication factors into three groups:
1. What you know (for example, a password);
2. What you have (for example, a mobile phone);
3. What you are (for example, a fingerprint or any other biometric method).
In the 2FA method, instead of one factor (what you know), two factors (what you know + what you have) are required, namely the password and access to the phone, which prevents hackers from infiltrating online accounts.
Simply put, two-factor authentication is an additional layer of security in which a unique code is displayed in a specific application on the user’s mobile phone or other smart device.
Having this code, along with a password and username, is required to log in to accounts where the 2FA method is enabled.
One of the top applications in this field is Google Authenticator, which is developed and published by Google and can be used with any website or service that supports two-factor authentication.
For example, major websites and social networks such as Twitter, Instagram, Facebook, and Gmail, as well as a number of cryptocurrency accounts such as Coinbase and Binance, support 2FA, and enabling it is critical to protecting these accounts.
The Google Authenticator app generates a one-time six-digit password that is updated every 30 seconds.
The time limit on this code means that even if a cybercriminal somehow manages to obtain your one-time code, it is only valid for 30 seconds and will not work after that.
Google Authenticator and apps like it have no access to your accounts and do not connect to the site after the initial code transfer. The job of this application is just to generate codes, and it requires neither mobile network service nor the Internet.
In addition, since these applications all use a protocol based on the same standard, the code created in Google Authenticator can be used to log in to any account, including Microsoft.
In other words, these codes are not limited to Google products and apply to any website or service that supports the 2FA method.
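The shared standard is TOTP (RFC 6238), which the article does not name. The following is an added example, not code from Google Authenticator or from this article: it derives the six-digit, 30-second code from a setup key and shows the matching server-side check. The function names `totp` and `verify` and their parameters are illustrative, and the key is the published RFC test secret.

```python
import base64
import hashlib
import hmac
import struct
import time

def totp(setup_key, at=None, step=30, digits=6):
    """Return the code an authenticator app shows for setup_key at Unix time `at`."""
    # Setup keys are base32 text, often shown lower-case, spaced and unpadded.
    text = setup_key.replace(" ", "").upper()
    key = base64.b32decode(text + "=" * (-len(text) % 8))
    # The moving factor is the number of whole 30-second steps since the epoch,
    # so phone and server agree without ever talking to each other.
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(setup_key, submitted, at=None, step=30, drift_steps=1, last_used=-1):
    """Server-side check: return the matched time step, or None if rejected.

    drift_steps tolerates clock skew; last_used is the step of the previous
    accepted code, so a captured code cannot be replayed inside its window.
    """
    current = int((time.time() if at is None else at) // step)
    for counter in range(max(0, current - drift_steps), current + drift_steps + 1):
        if counter <= last_used:
            continue
        expected = totp(setup_key, at=counter * step, step=step)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return counter
    return None

# Published RFC 6238 test secret ("12345678901234567890" in base32), not a real key.
RFC_TEST_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    code = totp(RFC_TEST_KEY, at=59)
    print(code, verify(RFC_TEST_KEY, code, at=59))
```

A service that stores the step returned by `verify` and passes it back as `last_used` on the next login rejects a code that has already been accepted once, even while it is still inside its 30-second window.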
Compared to apps with similar functionality, Google Authenticator supports only two general features, namely generating 2FA codes and exporting account information to another phone. For this reason, it is very easy to work with.
All you have to do is log in to the account of your choice with your username and password as usual. Then go to the section for activating the 2FA feature and scan the displayed QR code with this application. This connects your account to the app, so from then on you will need to enter the code that appears in the app to log in to your account.
For convenience, we explain below how to enable 2FA for a Google Account. Other websites follow similar steps, and you only need to find the two-factor authentication section, which is usually located in the Account Security section.
Warning: Even if enabling 2FA seems tedious, it is best to enable this feature for any account that supports it. If you do not, a hacker who has access to your account password may do so. In that case, although recovering the account is not impossible, it will certainly cost you more time, and as long as control of your account is in the hands of a hacker, it will probably cause you a lot of trouble.
Also, note that not having access to the mobile device running the Google Authenticator application means not having access to the accounts that are connected to the application. We recommend that you install this application on another phone or download backup codes from connected accounts.
Google Authenticator app download link
The Google Authenticator app is available for both Android and iOS, and you can download and install it for free from the App Store or Google Play on your phone.
Install Google Authenticator
The steps to set up the Google Authenticator app are very simple. After downloading and installing the application on your smartphone or tablet, you do not need to open it yet.
1. First, from another computer, phone, or tablet, open the website’s page for activating two-factor verification (also called two-step authentication) and activate this feature. It is usually located in the Security section of the account.
2. After this step, look for the option to use the authenticator app and click on it.
3. When setting up 2FA, you are usually asked to scan a QR code. For this reason, you need another computer, phone, or tablet to enable this feature on your account. If you do not have access to another device or your phone’s camera does not work, you can select the setup key option instead of the QR code.
4. Now open the application. Click Get Started to go to the “Setup your first account” page.
5. Select the setup method. This step depends on the website for which you plan to enable 2FA. Scanning a QR code is the most common setup method.
If you encounter a QR code when activating the 2FA method on a website, select the Scan a QR code option on the app.
6. If you are faced with a string of letters called “setup key”, select Enter a setup key from the application.
7. Now scan the QR code displayed on the website with your phone.
8. For the Enter a setup key option, first select the desired name for your account and enter the key manually in the bottom bar. Then, press the add button.
9. Once verified, the account will connect to the Google Authenticator app.
10. From now on, every time you open the application, you will see a six-digit code. This code is required to complete the login step for the connected account. Note that this code changes every 30 seconds. If the numbers displayed in the application change while you are typing the code, delete what you have typed and use the new code.
11. To add new accounts to the app, press the “+” button at the bottom of the page and select Scan a QR code (to scan the QR code) or Enter a setup key (to enter the setup key).
Learn how to use Google Authenticator for your Google Account
Perhaps the most important account on which to activate 2FA today is your Google Account. Because you have probably used your Gmail address to create accounts on many websites, a hack of your Gmail account also jeopardizes the security of the accounts connected to it. Here’s a step-by-step guide to enabling two-factor authentication for your Google Account. Other accounts follow more or less the same steps.
1. Open the Google 2-factor authentication page and click Get Started.
2. Enter your Google Account password and click Next.
3. At the bottom of the page, find the Authenticator app section and click SET UP.
4. On the page that opens, specify the type of your phone (Android or iPhone) and click Next.
5. You will see a QR code on the screen. If you are able to scan it, scan the code; otherwise, click Can’t scan it to display a code instead.
6. At this point, go to the phone and open the application. Select the Scan a QR code option to scan the displayed QR code. If you selected Can’t scan it in the previous step, in this step select Enter a setup key and enter the displayed code manually. This will add your account to the app.
7. Now click Next on the Google Authentication page.
8. On this page, enter the six-digit code displayed on the app and click Verify.
9. On the page that opens, you will be asked to use the code created in the Google Authenticator application to log in to your Google Account. Click Done.
Two-factor authentication is now enabled for your Google Account. Therefore, if a hacker with your password wants to log in to your Google account, in the next step he needs to open the application and enter the six-digit code with which your account is verified. But because the hacker, fortunately, does not have access to your phone, he cannot log in to your account.
Benefits of using Google Authenticator
Although not all websites support two-factor authentication, it’s a good idea to enable this security feature on every website that supports it. It is true that this adds a step to the process of logging in to your online accounts, but remember that by doing so you are protecting your account from being hacked.
If you do not want to enable this feature for all your accounts, we suggest that you enable it for your email accounts. Most of your accounts will be safe as long as your email security is not compromised.
Using Google Authenticator greatly increases the security of sensitive information by eliminating the sending of codes via SMS, which hackers can read. As you can see in this article, it is very easy to set up and use, and with a few simple steps, you can make it almost impossible for hackers to access your accounts.
In addition, this application does not require a mobile signal or an Internet connection to generate codes, and it also works in airplane mode.
If you still have doubts about the importance of this security method, it is best to read the story of what happened in 2012 to Mat Honan, a senior writer at WIRED, whose entire digital life was destroyed within an hour.
First, his Google account was hacked and completely deleted, and then his Twitter account. Finally, the hackers logged in to his Apple ID account and remotely deleted the data on his iPhone, iPad, and MacBook.
The reason for this was that all these accounts were connected. The hackers entered Honan’s Amazon account, accessed his Apple ID account information, and entered his Gmail account, which allowed them to access his Twitter account.
According to Honan, none of this would have happened if he had enabled two-factor authentication for his Google Account. The main purpose of the hackers was to get the three-letter username of his Twitter account, and the information in his other accounts was deleted so that he would not be able to regain control of his Twitter account in any way.
It has been a decade since 2FA was made available to all Internet users, but many people are still satisfied with the same simple password, which is 123456 in most cases, and even use the same password for several accounts. Such bad habits easily endanger users’ cybersecurity and sensitive information and make the life of hackers much easier. Enabling two-factor authentication with apps like Google Authenticator is a surefire way to prevent hackers from infiltrating your accounts.
Pros of Google Authenticator
- Powerful and almost unbreakable cryptography
- Free download
- Android and iOS support
- No need for a mobile signal
- No need for WiFi
- Easy to set up and use
Cons
- Losing the device without backup means not having access to the account
- Requires program installation