• Hey there! Welcome to TFC! View fewer ads on the website just by signing up on TF Community.

How does Google Authenticator work ?And how good/bad is it?

Apply For Lifetime Free IDFC First Credit Card
AsB

AsB

TF Ace
I want to protect some of my accounts, after I saw a few posts of getting the accounts hacked, even with 2FA enabled. I found that using an Authenticator is a better choice.

However, I am skeptical because, what happens if I

  1. lose my phone ?
  2. change my mobile number ?
  3. both ?
  4. both 1 and 2 and I lose access to backup codes, but my mail Gmail account is intact ?
Am I locked out of account forever ?
 
akshayhs

akshayhs

TF Ace
AsB said:
Some sites dont support Authy. How to use Authy in those case ?
Click to expand...
What do you mean some sites don't support Authy? It's just a QR code scanner that remembers your 2FA codes for any site you configure. I personally have many 2FA codes generating on it.
 
  • Like
Reactions: AsB
H

habibmy

TF Premier
AsB said:
I want to protect some of my accounts, after I saw a few posts of getting the accounts hacked, even with 2FA enabled. I found that using an Authenticator is a better choice.

However, I am skeptical because, what happens if I

  1. lose my phone ?
  2. change my mobile number ?
  3. both ?
  4. both 1 and 2 and I lose access to backup codes, but my mail Gmail account is intact ?
Am I locked out of account forever ?
Click to expand...
Your Authentication code will be also backed up with your google account.
 
  • Like
Reactions: AsB
D

demigox

TF Buzz
AsB said:
I want to protect some of my accounts, after I saw a few posts of getting the accounts hacked, even with 2FA enabled. I found that using an Authenticator is a better choice.

However, I am skeptical because, what happens if I

  1. lose my phone ?
  2. change my mobile number ?
  3. both ?
  4. both 1 and 2 and I lose access to backup codes, but my mail Gmail account is intact ?
Am I locked out of account forever ?
Click to expand...
Tl;Dr: Create an account on authy, it backs up all your account codes. You won't be locked out as long as you remember the Authy credentials which it asks regularly so you don't forget.

Long version:
The website you are trying to setup 2FA on will display a QR code which essential contains a code for TOTP (time based OTP). When you scan that code with your authenticator app it will start showing 6 digit code for your account. This 6 digit code will renew every 30 seconds.

This authenticator app can be Google Authenticator, Authy, or a password manager. It doesn't matter which app you use for TOTP, they all will give the same code at any particular time.

Authy always had an edge over GA because it makes an encrypted backup of all your codes and you could install Authy on a new device and would get the same codes without any new setup. However recently, Google authenticator has also started cloud backup but they are not encrypted "yet". I personally prefer Authy.

I used to use Google Authenticator around 8-9 years ago but moved authy in 2016. Since 2020 I have been using Yubikeys (yubico.com) wherever they are supported because they are hardware keys and are immutable.

2FA security level:
SMS OTP < Time based OTP (Google authenticator or authy) < Hardware FIDO keys (yubikeys)
 
Last edited:
  • Like
Reactions: AsB
aayusharyan

aayusharyan

TF Ace
A good thing about being a software engineer. I was able to build my own app for storing these TOTP/HOTP and stuff. And of course I use yubico as my additional factor in case I don't have access to my app at any point.
 
aayusharyan

aayusharyan

TF Ace
AsB said:
I want to protect some of my accounts, after I saw a few posts of getting the accounts hacked, even with 2FA enabled. I found that using an Authenticator is a better choice.

However, I am skeptical because, what happens if I

  1. lose my phone ?
  2. change my mobile number ?
  3. both ?
  4. both 1 and 2 and I lose access to backup codes, but my mail Gmail account is intact ?
Am I locked out of account forever ?
Click to expand...
This was my concern too around 3-4 years ago where I started my own journey to build a product (That time Google Authenticator didn't had the sync feature). Initially I thought I would launch it to the general public, but then later decided not to as I couldn't properly get it polished enough for releasing (and new apps were launched). Till date, even 4 years later, it's still not ready for public. 🙈

BTW, here's a teaser if you folks wanna see what I was planning.
 
COSMOCRAT

COSMOCRAT

TF Premier
Aegis, 2FAS, and Authy (in order) are the most recommended ones. Backup and transfer between devices by 2FAS was the most reliable and seamless, as long as you don't forget your main password.
 
vine

vine

TF Premier
I use Aegis. It's good and also opensource. But no cloud backup (some like me, prefer manual backup, to avoid blood the sucking companies).

IMO, for 2FA,
SMS <<< TOTP (closed source: MS, Google, Lastpass, Authy) < TOTP (open source: Aegis) < hardware keys (like yubi)
 
You must log in or register to reply here.
Apply For SBI Cashback Credit Card

Similar threads

Abhi5467
Google Chrome Spying
Replies
11
Views
440
mrbanker
mrbanker
AsB
How is this laptop for occasional office use and consume content from YouTube and stuff ?
Replies
10
Views
363
sai99488
sai99488
M
how can convert Business Regalia LTF
Replies
1
Views
166
Gaara
Gaara
AsB
Good apps for storing Website links and Passwords ?
Replies
18
Views
532
vine
vine
S
Bhashini: A Google Translate Alternative
Replies
3
Views
425
the_dark_knight
the_dark_knight
Top