Google Authenticator is an application that is easy to install and configure. It is used for two-factor authentication in services such as Gmail, Instagram, Twitter and Facebook, among other social networks, as well as in applications and websites that require maximum security to guarantee user confidence, such as wallets and exchanges. It is a software authenticator based on one-time passwords.
The application provides a six-digit code that the user enters (in addition to the usual username and password) to access the services protected with a “second factor” of authentication. Google Authenticator also generates codes for third-party applications, such as password managers or file hosting services.
Technical description and how the application works
Google Authenticator includes implementations that generate single-use authentication codes for several mobile platforms, as well as a pluggable authentication module (PAM). The one-time passwords are generated using open standards developed by the Initiative for Open Authentication (OATH).
These implementations support the HMAC-based One-Time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-Time Password (TOTP) algorithm specified in RFC 6238. The service provider starts by generating an 80-bit secret key for each user. This key is supplied as a 16-character base32-encoded string or as a QR code.
The user's application computes an HMAC-SHA1 using the given secret key. The message that is authenticated is either the number of 30-second periods that have passed since the Unix epoch (TOTP) or a counter that is incremented with each code that is generated (HOTP). A portion of the HMAC is then extracted and converted into a 6-digit code.
Important facts about how Google Authenticator works
The Google Authenticator application shows a six-digit numerical code that changes every 30 seconds and must be entered to verify our identity after the session is started. It can be used once the application is installed on the smartphone and the account we want to protect has been configured. Configuration can be done manually, although it is advisable to scan the QR code, which contains all the account information and its settings (it is important to note that this application can also be used from a desktop computer).
This application is available in the Play Store (Android) and in the App Store (iOS). By visiting its official links you can check whether it is compatible with your mobile device and view user ratings.
Steps to configure Google Authenticator
- We activate two-step verification in the account and display the QR code.
- We scan the QR code with Google Authenticator.
- We log into the website by entering the username and password with which we initially registered.
- We enter on the website the numerical code that Google Authenticator displays on the mobile screen (it is very important to do it fast because it changes every 30 seconds).
It is important to note that Google Authenticator does not require an internet connection to function. The site we are trying to log in to, for example Google, already knows the secret key, so it can repeat the same calculation that generates the numerical code and check that the result matches the code we entered. If it does, our identity is confirmed and we are logged in.
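The calculation from the technical description and the server-side comparison just described, as an added Python example (not code from Google Authenticator or from this article's author). The ±1 time-step tolerance and the replay check are assumptions that go beyond what the page states; the sample key is the public test key from RFC 4226.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time

PERIOD = 30  # seconds per time step, as described above
DIGITS = 6   # length of the displayed code

# Public test key from RFC 4226 ("12345678901234567890"); never use it for real accounts.
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def new_secret() -> str:
    """Provider side: 80 random bits, shown to the user as 16 base32 characters."""
    return base64.b32encode(secrets.token_bytes(10)).decode()

def hotp(secret_b32: str, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    key = base64.b32decode(secret_b32.replace(" ", ""), casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def totp(secret_b32: str, now=None) -> str:
    """RFC 6238: the HOTP counter is the number of 30-second periods since the epoch."""
    now = time.time() if now is None else now
    return hotp(secret_b32, int(now) // PERIOD)

def verify(secret_b32: str, submitted: str, now=None, window=1, last_used=-1):
    """Server side: recompute the code and compare it in constant time.

    window    -- time steps tolerated on each side for clock drift (assumption)
    last_used -- last time step already accepted for this user; codes from that
                 step or earlier are rejected so a captured code cannot be replayed
    Returns the matching time step (store it as the new last_used) or None.
    """
    now = time.time() if now is None else now
    current = int(now) // PERIOD
    matched = None
    for step in range(current - window, current + window + 1):
        if step <= last_used:
            continue
        expected = hotp(secret_b32, step).encode()
        if hmac.compare_digest(expected, submitted.encode()):
            matched = step
    return matched
```

Neither side contacts the other while computing a code, which is why the phone works offline; the only shared inputs are the secret key and the clock.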
Additionally, the service can remember the mobile device we have already used and will not ask for the password. Also, as we mentioned in the previous article about the use of Google Authenticator and Mercury Cash, the use of the application is not absolutely essential since Google has also created an extension for Chrome that works exactly like the application on the cell phone.
What do you think about this topic? Did you know how Google Authenticator works?
Image from TheDigitalArtist via Pixabay.com under a creative commons license.