Test devices:
Samsung Galaxy Nexus
Android Version: 4.1.1
Root: Yes
Modifications: Yes / Popcorn Kernel 11.5
Samsung Galaxy Tab 10.1
Android version: 4.0.4
Root: Yes
Modifications: None
App details:
Runs as of: Android 2.1
Apps2SD: Could not be detected
Size: Ca. 0.9 MB
Optimised for Ice Cream Sandwich / Jellybean: Yes
Optimised for tablet: No, but runs well
Permissions strike us as being totally kosher.
We keep being bombarded with horrific stories of people having their online accounts hacked, and while this might not be the end of the world where some services are involved (like, who cares if someone hacks your Spotify account) but Google accounts is an entirely different story. Many Android / Google users store a lot of important or even sensitive information and data on their Google accounts (and that includes Gmail, YouTube, Google Drive, Google+, Picasa...), and no one wants to find out what were to happen if the wrong person managed to hack an account. Speaking for myself, this would be almost on par to someone physically breaking into my home.
Saving lots of things to a cloud is convenient, I'm not disputing this. That said, experts warn of massive security issued that come with cloud systems. Cyber criminality os more anonymous and difficult to pursue, which is why we should all try to create as many safety nets and protective systems to keep our virtual property safe. This is where Google Authenticator comes in to play.
The idea behind this app is simple: if and when you log in to a Google account (email and password) you will be prompted to insert an additional number sequence which is generated by the Google Authenticator app which is synced with Google servers. This means Google “knows” which code the app has generated and is therefor valid.
Our tip: download the app on to a device you tend to use a lot. You will have to activate the 2 step verification in your Google account settings and select Android in the device section. Scan the QR code with the Google Authenticator app and voilà! the app is set up. While this is as simple as it sounds, it's actually not explained clearly and it took me a minute or two to figure out where to obtain the QR code (the answer: it has to be generated within the settings). You have to verify your device once and then once the app is open it will generate a stream of sequences of numbers, lasting 30 seconds. These sequences are then used in the 2 step verification once you have entered your password.
The code appear for 30 seconds on the display, and then comes a new code. Every code is valid for about one minute. Private devices can also be verified as “secure”, meaning you can skip the 2 step verification.
Here's a round-up of my tips on how to get the most out of this app and make your device as secure as possible:
- Mark only your own, private devices as “safe”.
- Surf and sign into accounts using the incognito or private mode when on public computers or devices.
- Never select “remember password” when not accessing an account from your own, private computer or device.
- Sign out of a session once you're done.
This in combination with Google Authenticator should help protect your virtual property.
Bottom line:
The Google Authenticator is a great and no fuss means for keeping Google accounts safe and secure. I whole heartedly recommend it.
good