2-step authentication, sometimes also called 2-factor authentication, adds a second authorization step to the sign in process or other processes on the Internet. This blocks many login related attack forms like brute forcing or phishing that are common on today's Internet as attackers not only need the username and password of the account, but also another code that is generated on the fly during the log in process.
Companies like Google, Facebook or Microsoft, use mobile phones for that. Google account owners for instance can either get a SMS message containing the code when they sign in on a device that is not registered yet, or run an app on the phone instead to generate the code directly. A backup code is generated during setup of 2-step verification on Google in case the phone gets lost or stolen.
GAuth Authenticator is a browser extension, app and online service that offers another option. It allows you to generate secret keys locally, which may be useful if you do not have your phone with you. Tokens are stored in localStorage on the computer, so that it should only be used on a device that you trust and have control over.
The app is available for Symbian, Windows Phone, webOS and Android devices. It does not really make sense to install the app on an Android device, considering that Google Authenticator, the official app, is also available for the operating system. For devices where the official Google app is not available, it may be an option provided that you trust the author of it. The developer has released the source code on Github where it can be analyzed by users proficient enough to do so.
The Chrome app is listed on the Chrome Web Store, and according to information posted there, no data is transmitted which indicates that everything is handled offline.
I can see me using this app as a last resort if everything else fails. Even with the release of the source code I'd feel uncomfortable using the program unless there is no other option available. What about you? Would you use a third party program like this? (via Caschy)
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.