
How does Google Authenticator work? And how good/bad is it?

AsB

TF Legend
I want to protect some of my accounts, after I saw a few posts about accounts getting hacked even with 2FA enabled. I found that using an authenticator is a better choice.

However, I am skeptical because, what happens if I

  1. lose my phone?
  2. change my mobile number?
  3. both?
  4. both 1 and 2, and I lose access to my backup codes, but my Gmail account is intact?
Am I locked out of the account forever?
 
Some sites don't support Authy. How to use Authy in those cases?
What do you mean some sites don't support Authy? It's just a QR code scanner that remembers your 2FA codes for any site you configure. I personally have many 2FA codes generating on it.
 
Your authentication codes will also be backed up with your Google account.
 
TL;DR: Create an account on Authy; it backs up all your account codes. You won't be locked out as long as you remember the Authy credentials, which it asks for regularly so you don't forget.

Long version:
The website you are trying to set up 2FA on will display a QR code which essentially contains a secret for TOTP (time-based OTP). When you scan that code with your authenticator app it will start showing a 6-digit code for your account. This 6-digit code will renew every 30 seconds.

This authenticator app can be Google Authenticator, Authy, or a password manager. It doesn't matter which app you use for TOTP; they will all give the same code at any particular time.

Authy always had an edge over GA because it makes an encrypted backup of all your codes, and you could install Authy on a new device and get the same codes without any new setup. Recently, however, Google Authenticator has also started cloud backup, but it is not encrypted "yet". I personally prefer Authy.

I used to use Google Authenticator around 8-9 years ago but moved to Authy in 2016. Since 2020 I have been using YubiKeys (yubico.com) wherever they are supported, because they are hardware keys and are immutable.

2FA security level:
SMS OTP < Time-based OTP (Google Authenticator or Authy) < Hardware FIDO keys (YubiKeys)
A good thing about being a software engineer: I was able to build my own app for storing these TOTP/HOTP codes and stuff. And of course I use Yubico as my additional factor in case I don't have access to my app at any point.
 
This was my concern too around 3-4 years ago, when I started my own journey to build a product (at that time Google Authenticator didn't have the sync feature). Initially I thought I would launch it to the general public, but later decided not to, as I couldn't get it polished enough for release (and new apps were launched). To date, even 4 years later, it's still not ready for the public. 🙈

BTW, here's a teaser if you folks wanna see what I was planning.
 
Aegis, 2FAS, and Authy (in order) are the most recommended ones. Backup and transfer between devices by 2FAS was the most reliable and seamless, as long as you don't forget your main password.
 
I use Aegis. It's good and also open source. But no cloud backup (some, like me, prefer manual backup, to avoid the blood-sucking companies).

IMO, for 2FA,
SMS <<< TOTP (closed source: MS, Google, LastPass, Authy) < TOTP (open source: Aegis) < hardware keys (like Yubi)
 