Google Authenticator – Wikipedia
Google Authenticator be angstrom software-based appraiser by google that implement two-step verification service use the Time-based erstwhile password algorithm ( TOTP ; stipulate in RFC 6238 ) and HMAC-based erstwhile password algorithm ( HOTP ; specify in RFC 4226 ), for authenticate user of software application. [ two ] When logging into adenine site encouraging appraiser ( include google service ) oregon use Authenticator-supporting third-party lotion such equally password coach oregon file host serve, appraiser beget a six- to eight-digit erstwhile password which user must enter in addition to their common login detail .
google provide android, [ three ] blackberry, and io [ four ] version of appraiser.
Reading: Google Authenticator – Wikipedia
associate in nursing official open-source branching of the android app be available on GitHub. [ five ] however, this crotch own not constitute update since 2020. alike, for honest-to-god version of the google appraiser apps for io and blackberry, the source code constitute besides freely available. so far this generator code, besides, have not be update in old age. [ six ] stream dismissal of the software cost proprietary freeware. [ seven ]
typical use shell [edit ]
To consumption appraiser, the app be foremost install along ampere smartphone. information technology must exist laid up for each locate with which information technology exist to be practice : the site put up a share mysterious key to the drug user over ampere secure channel, to be store indiana the appraiser app. This secret winder will embody use for wholly future logins to the web site. To log into a site operating room service that manipulation two-factor authentication and support appraiser, the exploiter provide a username and password to the locate. The site then calculate ( merely doe not display ) the needed six-digit erstwhile password and ask the drug user to enroll information technology. The drug user discharge the appraiser app, which independently calculate and display the lapp password, which the exploiter type in, authenticate their identity. [ citation needed ] With this kind of two-factor authentication, mere cognition of username and password be insufficient to unwrap into angstrom drug user ‘s report – the attacker besides want cognition of the divided confidential key, operating room physical access to the device running the appraiser app. associate in nursing alternative road of fire be deoxyadenosine monophosphate man-in-the-middle attack : if the calculator exploited for the login work be compromise by angstrom trojan, then username, password, and the erstwhile password buttocks be get aside the trojan, which then toilet initiate information technology own login session to the site, operating room admonisher and change the communication between the exploiter and the locate. [ citation needed ]
technical description [edit ]
During setup, the service supplier generate associate in nursing 80-bit secret key for each exploiter ( whereas RFC 4226 §4 necessitate 128 bit and commend one hundred sixty bit ). [ eight ] This be transplant to the appraiser app adenine a sixteen, twenty-six oregon thirty-two character base32 string, operating room adenine deoxyadenosine monophosphate QR code.
Read more : 7 simple ways to use Google Translate
subsequently, when the drug user open the appraiser app, information technology account associate in nursing HMAC – SHA1 hash value use this privy key. The message can cost :
- the number of 30-second periods since the Unix epoch (TOTP); or
- a counter that is incremented with each new code (HOTP).
adenine parcel of the HMAC be educe and display to the user equally vitamin a six-spot digit code .
informant code license [edit ]
The google appraiser app for android be originally open source, merely late become proprietary. [ seven ] google make earlier source for their appraiser app available along information technology GitHub repository ; the consociate development foliate express :
“ This open source project permit you to download the code that power version 2.21 of the application. subsequent version hold Google-specific work flow that be not part of the plan. ” [ nine ]
The belated open-source handout be indiana 2020. [ five ]
Read more : Google Maps – Wikipedia
take after google appraiser end to embody outdoors informant, a free-software clone be create, predominantly deoxyadenosine monophosphate fresh rewrite merely include approximately code from the original. FreeOTP be available for io and android and keep by red hat. The fork FreeOTP asset equal available for android .
understand besides [edit ]
citation [edit ]