Google is one of those tech companies that puts out a ton of great services and applications. Their claims to fame include Search (obviously), Gmail, Drive (formerly Docs), Maps, Voice, and Picasa. One of their lesser-known offerings, but perhaps the most valuable and the unsung hero of the lot, is Google Authenticator.
Google Authenticator is a mobile app for iOS, Android, and Blackberry which gives users 2 factor authentication by generating a one-way hashed 6 digit code that changes every 30 seconds. I won't get into the specifics of how it works since it's not exactly in the scope of this blog post, but if you're really interested you can read the RFCs mentioned at the Google Code site. Speaking of the Google Code site: Authenticator is completely open source, so it's been worked on by people other than just Google and has been reviewed and scrutinized by the security community. Libraries for Authenticator are available for a slew of languages, so it's relatively easy to integrate 2FA into your application or project. It's something that I want to dive a bit more into in the future with my upcoming projects.
So now you know what it is, and here's why you should use it. One of the flaws in passwords and authentication to services is that your password alone isn't safe. Anyone can guess it, steal it, or social engineer it out of you, and this is true even if it's a "secure" password with multiple different characters in different cases. Google Authenticator gives you an extra layer of security (the second factor in 2 Factor) which proves to the service that the person logging on as you is 99% you (Hey, you can steal my phone along with my passwords, right?). Generally though, next to biometrics (in my opinion), this is the most secure way to use services with critical information such as your email, online banking, and more.
It's super simple to set up for a number of sites and services. Just download the free app from the Apple App Store or Google Play Store and start configuring it (which often is just scanning a QR code) with the available services you use: Google, Facebook, Evernote, Dropbox, GitHub, Microsoft account, and many more! Personally I use mine with the services mentioned, plus I have my Ubuntu server set up to ask for a 6 digit code generated by Authenticator when I SSH into it. Whenever I attempt to log in to one of these sites I'm prompted for a 6 digit code. Yes, it's a pain to have to pull out my phone every time I want to log into Facebook, and you do give up convenience for security, but it helps me sleep easy at night knowing that if anyone were to get or figure out my passwords, they still couldn't get into my stuff. Don't let your password be your only line of defense against evildoers on the internet! Use some sort of 2 factor authentication!