What is Google Authenticator (and how to use it)

How To
By published

One of the most popular forms of token-based 2FA is Google Authenticator. Here's how to use it.

You should have two-factor authentication (2FA) turned on wherever you can, but there's a more secure way to do it than having text messages sent to your phone.

The alternative is an authenticator app, and one of the most popular of those comes from Google. It's called, unsurprisingly, Google Authenticator.

The app, which is available for both iOS and Android smartphones, scans QR codes on participating websites to create 2FA codes that serve as a second level of protection when you log in.

Each site is different, but a site that works with Google Authenticator (or similar apps like Authy) will have an option to scan the QR code when setting up 2FA. You then open Google Authenticator, press the + button, and scan to add the account.

In the app, you'll have a constantly updating 2FA numerical code, usually 6 digits long, that you can use without having it texted to you. When you sign in to the account, enter that code, and voila, you're in. Most sites will have you verify that the code in Authenticator is working before you start using it to log in.

The benefits of an app like Google Authenticator, besides not having an SMS message hijacked, are that you have all of the codes in a central location and that they're available all of the time, even when your phone is offline.

In fact, Google says that forcing qualified account holders to use 2FA cut the rate of account takeovers by 50%.

How to transfer Google Authenticator to a new phone

Until recently, Google Authenticator made you start from scratch all over again when you got a new phone. But as of May 2020, you can easily transfer all your authenticator "seeds" directly from one Android phone to another. 

You'll need to have both phones with you to do this, and both will need to have the latest version of the Google Authenticator app installed. 

In the Authenticator app on the old phone, tap the menu icon in the upper right and select Transfer Accounts. Select Export Accounts, enter your phone's PIN or your fingerprint, and select the accounts to be exported. 

Your old phone will then generate its own QR code. Keep that on the screen, open the Authenticator app on the new phone and go to Transfer Accounts again.  Select Import Accounts, then Scan QR code. Scan the QR code on the old phone with the new phone's camera, and you'll be all set.

If an iPhone is involved in any step of this procedure, you'll have to use a desktop or laptop computer instead. Go to your Google Account page, select Security in the left-hand navbar, select 2-Step Verification, scroll down to Authenticator app and select "Change phone." 

Select the kind of phone you are transferring the accounts to, and then the website will generate a QR code that you can scan.

UPDATED with Google 2FA adoption results. This story was originally published in March 2018.

TOPICS
Andrew E. Freedman
Andrew E. Freedman

Andrew E. Freedman is an editor at Tom's Hardware focusing on laptops, desktops and gaming as well as keeping up with the latest news. He holds a M.S. in Journalism (Digital Media) from Columbia University. A lover of all things gaming and tech, his previous work has shown up in Kotaku, PCMag, Complex, Tom's Guide and Laptop Mag among others.