Google Authenticator

From Wikipedia, the free encyclopedia

Google Authenticator implements TOTP security tokens from RFC6238 in mobile apps made by Google, sometimes branded "two-step authentication". The Authenticator provides a six digit one-time password users must provide in addition to their username and password to log into Google services. The Authenticator can also generate codes for third party applications, such as password managers or file hosting services. Some versions of the software are open source.

Implementation

Google provides Android,^[1] BlackBerry and iOS,^[2] versions of Authenticator. See two-step verification for other implementations by third parties.

Technical description

The service provider generates an 80-bit secret key for each user. This is provided as a 16 character base32 string or as a QR code. The client creates an HMAC-SHA1 using this secret key. The message that is HMAC-ed can be:

the number of 30 second periods having elapsed since the Unix epoch; or
the counter that is incremented with each new code.

A portion of the HMAC is extracted and converted to a 6 digit code.

Pseudocode for Time OTP


 function GoogleAuthenticatorCode(string secret)
     key := base32decode(secret)
     message := floor(current Unix time / 30)
     hash := HMAC-SHA1(key, message)
     offset := last nibble of hash
     truncatedHash := hash[offset..offset+3]  //4 bytes starting at the offset
     Set the first bit of truncatedHash to zero  //remove the most significant bit 
     code := truncatedHash mod 1000000
     pad code with 0 until length of code is 6
     return code

Pseudocode for Event/Counter OTP


 function GoogleAuthenticatorCode(string secret)
     key := base32decode(secret)
     message := counter encoded on 8 bytes
     hash := HMAC-SHA1(key, message)
     offset := last nibble of hash
     truncatedHash := hash[offset..offset+3]  //4 bytes starting at the offset
     Set the first bit of truncatedHash to zero  //remove the most significant bit 
     code := truncatedHash mod 1000000
     pad code with 0 until length of code is 6
     return code

Open Source status on Android

The Authenticator app as available on Google's Android app market is proprietary, as explained on the project's development page:

"This open source project allows you to download the code that powered version 2.21 of the application. Subsequent versions contain Google-specific workflows that are not part of the project."^[3]

An independent fork of the Android version of the software named OTP Authenticator^[4] has been created, which is based on the last version of the open source code that had been provided by Google. Another Open Source fork named FreeOTP^[5] has been published by Red Hat.

Usage

Google Authenticator can be used for the following websites and applications:

Amazon Web Services
Asia Nexgen
App.net^[6]
ArenaNet for access to Guild Wars and Guild Wars 2
Bitstamp^[7]
Bitcoin.de
Blockchain.info
BTC-e.com
CaVirtEx.com
Cex.io^[8]
CipherGraph Networks^[9]
Coinbase
Dashlane^[10]
DigitalOcean^[11]
Dreamhost control panel^[12]
Dropbox^[13]
Drupal (Plugin is needed)
Evernote^[14]
Eclipse Mining Consortium
Facebook^[15]
Gaia Online
GitHub^[16]
Google Apps
Google Mail
Joomla (from 3.2 it is built-in)^[17]
LastPass^[18]
Linode^[19]
LinOTP^[20]
LocalBitcoins
Linux (through libpam-google-authenticator)^[21]
Microsoft account
Mt.Gox^[22]
Okcoin
Salesforce.com
Synology
SupportPoint (Version 3).
TACACS.net
Teamviewer (Version 9).
WordPress (S-CRIB OTP Authenticator or Google Authentication plugins needed)
Xat
XenForo (Add-on is needed)

References

External links

Google Authenticator on Google Help
Google Authenticator open source project on Google Code
Google Authenticator implementation in Python on Stack Overflow

v t e Google

History of Google Don't be evil

Advertising	Ad Manager AdMob Adscape AdSense Advertising Professionals AdWords Analytics DoubleClick Reunion Offers Wallet

Communication	Alerts Apps Script Calendar Cloud Connect Contacts Friend Connect Gmail history interface Google+ Groups Hangouts Orkut Sync Talk Translate Voice

Software	Chrome Chromecast Chrome Web Store Chrome OS Chromebook Chrome Zone Cloud Print Currents Earth Sky Moon Mars Gadgets Goggles IME Pinyin Japanese Keep Now OpenRefine SketchUp Toolbar

Platforms	Account Android Google Nexus App Engine Apps Marketplace Authenticator BigTable Body Books Caja Chromecast Google Compute Engine Google Contact Lens Custom Search Dart Earth Engine Glass Go GFS Native Client OpenSocial Play Public DNS Google TV Wallet

Development tools	AJAX APIs App Inventor AtGoogleTalks Closure Tools Code Gadgets API GData Googlebot Guava Guice GWS KML MapReduce SketchUp Ruby Sitemaps Summer of Code Web Toolkit Webmaster Tools Website Optimizer Swiffy

Publishing	Trimble 3D Warehouse Blogger Bookmarks Docs Drive FeedBurner Map Maker Panoramio Picasa Web Albums Sites (JotSpot) YouTube (Vevo) Zagat

Search (PageRank)	Appliance Audio Blog Search Books Library Project eBooks Finance Images Maps Street View Timeline Privacy concerns Competition Locations News Patents Scholar Shopping Usenet Voice Search Web Search History Personalized Real-Time Instant Search SafeSearch Analysis: Insights for Search Trends Knowledge Graph

Discontinued	Aardvark Answers Browser Sync Base Buzz Checkout Click-to-Call Code Search Desktop Dictionary Dodgeball Fast Flip Gears GOOG-411 Jaiku Knol Health iGoogle Image Labeler Labs Latitude Lively Mashup Editor Notebook Pack Page Creator Picasa Picnik PowerMeter Q & A Reader Script Converter SearchWiki Sidewiki Slide Google Squared Updater Urchin Videos Video Marketplace Wave Web Accelerator

People	Larry Page Eric Schmidt Sergey Brin John Doerr John L. Hennessy Raymond Kurzweil Ann Mather Paul Otellini Ram Shriram Shirley M. Tilghman Al Gore Rajen Sheth

Project Category Commons Wikiversity

This article is issued from Wikipedia. The text is available under the Creative Commons Attribution/Share Alike; additional terms may apply for the media files.