4

I'd like to turn on Google's two-factor authentication, but first I'd like to understand how it works.

Specifically, I'd like to use the Google app for smartphones (btw, I checked the FAQ and this is not a question about smartphones, but a question where smartphones are on-topic because they interface with a computer).

So I do not want to use the "receive an SMS for authentication" option.

My question is about the Google app: how does it work? Is everybody downloading a different app or is the app somehow "seeded" for your specific Google account?

Also what happens if you somehow lose your smartphone? How can you then re-install that Google app and how do you re-seed it (if it needs to be seeded)?

Basically, I'd like to understand how Google manages to do the equivalent of an RSA device (?) using a Google app.

fixer1234

3 Answers

4

Everyone is downloading the exact same Authenticator app. When launched for the first time, the app will ask for your Google login information and at the same time generate a unique ID for your phone (kind of like the serial number on RSA devices). That unique ID will then be linked to your Google account, which will be used for two-factor authentication.

If you were to lose your smartphone, the unique ID associating your smartphone with your Google account will be blacklisted on Google's server to prevent anyone who knows your password AND has your smartphone in their possession from logging into your Google account.

superuser
3

Yes, it's "seeded" to your specific account. If you lose your phone, you redownload the software. This destroys the capability of the old software to provide the needed key to get in (it uses the old salt; your newly downloaded and logged-in software uses the new one it just created). You redownload it using the process you used to get it in the first place.

An excellent article is available here.

Everett
-1

You can use Google Authenticator with a lot of services which support two-factor authentication. When you enable 2FA in the service's settings, you get a QR code. This QR code contains the secret key. You scan it with the Google Authenticator app on your phone, so the service and the application know the same secret key. Based on this secret key, Google Authenticator generates OTPs and the server checks if they are correct. Google Authenticator doesn't require any internet or network connection. If you don't want to lose access to your account when you lose your phone, you should save the QR code at the moment of token enrollment. Then you will be able to restore your tokens on your new phone. Otherwise, you should contact the support team of the services which you protect with Google Authenticator. They will help you to restore access to your account, and you will be able to issue new tokens on your new device.

George
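The answer above describes the mechanism in words: the QR code carries a shared secret, both sides derive codes from it and the current time, and the server checks the submitted code. The following is an added example that walks through that end to end; it is not code from the page or from Google Authenticator. The service name `ExampleService`, the account label `alice@example.com` and the `verify_totp` drift window are assumptions made for the demonstration, and the secret is the RFC 6238 reference key, not a real account secret.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Constructed example secret: the RFC 6238 reference key (ASCII digits),
# chosen so the generated codes can be checked against the published test vectors.
EXAMPLE_SECRET = b"12345678901234567890"


def build_otpauth_uri(secret, label, issuer, digits=6, period=30, algorithm="SHA1"):
    """Build the otpauth:// URI that a service embeds in its enrollment QR code.

    The secret is Base32-encoded without padding, which is the form
    authenticator apps expect. Anyone who can read this URI (or the QR
    image) can generate valid codes, which is why a saved copy must be
    protected like a password.
    """
    b32 = base64.b32encode(secret).decode().rstrip("=")
    return (f"otpauth://totp/{issuer}:{label}?secret={b32}&issuer={issuer}"
            f"&digits={digits}&period={period}&algorithm={algorithm}")


def parse_otpauth_uri(uri):
    """What the phone does when it scans the QR code: recover the parameters."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    b32 = q["secret"].upper()
    b32 += "=" * (-len(b32) % 8)  # restore the Base32 padding that was stripped
    return {
        "label": unquote(u.path.lstrip("/")),
        "issuer": q.get("issuer"),
        "secret": base64.b32decode(b32),
        "digits": int(q.get("digits", 6)),
        "period": int(q.get("period", 30)),
        "algorithm": q.get("algorithm", "SHA1").upper(),
    }


def hotp(secret, counter, digits=6, algorithm="SHA1"):
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    digestmod = getattr(hashlib, algorithm.lower())
    digest = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, at_time=None, period=30, digits=6, algorithm="SHA1"):
    """RFC 6238 TOTP: HOTP with the counter set to the current 30-second time step.

    No network is involved; both sides only need the secret and a clock.
    """
    if at_time is None:
        at_time = time.time()
    return hotp(secret, int(at_time) // period, digits, algorithm)


def verify_totp(secret, code, at_time=None, window=1, period=30, digits=6, algorithm="SHA1"):
    """Server-side check: accept the code for the current step and +/- `window`
    steps to tolerate clock drift between phone and server; compare in constant time.
    """
    if at_time is None:
        at_time = time.time()
    step = int(at_time) // period
    for drift in range(-window, window + 1):
        candidate = hotp(secret, step + drift, digits, algorithm)
        if hmac.compare_digest(candidate, code):
            return True
    return False


if __name__ == "__main__":
    # Enrollment: the service shows this URI as a QR code, the phone scans it.
    uri = build_otpauth_uri(EXAMPLE_SECRET, "alice@example.com", "ExampleService")
    enrolled = parse_otpauth_uri(uri)
    print("enrollment URI:", uri)
    # Both sides now hold the same secret and agree on every code.
    print("code at t=59 (RFC 6238 vector):", totp(enrolled["secret"], 59))
    print("code right now:", totp(enrolled["secret"]))
```

Two points the code makes concrete: the phone holds nothing account-specific except the secret from the QR code, so re-scanning a saved copy of that QR code on a new phone reproduces exactly the same codes, and a server-side verifier should keep its acceptance window small, since every extra step it tolerates is another code an attacker could guess or replay.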