

The Google Authenticator app packs a two-step verification punch

There's a reason two-step verification is everywhere; it's an easy way for IT admins to authorize user accounts. The Google Authenticator app can make it easier to manage single accounts across multiple devices.

Administrators who need to verify Microsoft accounts may want to turn to the Google Authenticator app, which proves useful in an enterprise setting.

Microsoft ties services together under a single account that incorporates programs such as Skype, OneDrive and Outlook. Even Windows computers now fall under the single account umbrella, unless they are specifically configured to use a local login. To help protect this uber account, Microsoft authentication involves two-step verification through emails, text messages or authenticator apps such as Google Authenticator.

Basics of two-step verification

As enterprise workers have been steadily becoming more mobile, protecting their accounts has become more critical than ever for IT. Two-step verification can be an important part of an organization's security strategy, providing a relatively inexpensive and effective way for IT to authorize users working from different devices. For example, an Office 365 administrator can enable two-step verification on individual user accounts. Then, when those users log in, they will be prompted to set up two-step verification for their specific devices.

The idea of two-step verification is not new. Most customers using a credit or debit card at a gas pump must enter a zip code or PIN, using a form of two-step verification. Microsoft has implemented similar logic to make it more difficult for an unauthorized individual to access a service using someone else's account.


Microsoft's two-step verification requires two forms of identity: the user's password and a time-sensitive passcode the user receives via email, text or authenticator app. After the user has enabled two-step verification on an account, the first time they log in to the Microsoft site or connect to a Microsoft service from a device, they must provide the password and passcode. After that, they only need the password for subsequent logins.

Because the authentication passcode is time-sensitive, a user has a limited period of time to use the most current passcode. For example, the Google Authenticator app generates a new validation passcode every 30 seconds for each registered service, making it harder for a hacker to access permanent data, such as a stored password. Even if a malicious third party were to discover that passcode, it would likely expire before they could use it.

Using Google Authenticator

Google Authenticator is a free app available to iOS, Android and BlackBerry devices and can work offline.

Authenticator apps are susceptible to hacking, though, because they depend on a secret seed shared by the app and the server. For example, if a cybercriminal were able to access the data center where the server resides, the authenticator codes could be vulnerable. An authenticator also requires that the device running the app be present each time users log on to a service that requires the passcode.
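The 30-second passcodes and the shared secret seed described above can be seen working together in the following added example, which is not part of the original article and is not Microsoft's or Google's code. It computes the passcode with the standard TOTP algorithm (RFC 6238, HMAC-SHA1, six digits) that Google Authenticator implements, using the RFC's published test seed; the Verifier class, its one-step drift window and its reuse rule are assumptions of this sketch.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each passcode stays current
DIGITS = 6   # passcode length shown in the app

# Published RFC 6238 test seed, Base32-encoded the way enrolment barcodes carry it.
RFC_SEED = base64.b32decode("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")


def totp(seed: bytes, unix_time: int) -> str:
    """Passcode for the 30-second step containing unix_time (HMAC-SHA1)."""
    counter = unix_time // STEP
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation picks 4 bytes of the MAC
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class Verifier:
    """Hypothetical server side: same seed, small drift window, no reuse."""

    def __init__(self, seed: bytes, drift_steps: int = 1):
        self.seed = seed
        self.drift_steps = drift_steps
        self.last_counter = -1  # highest time step already accepted

    def verify(self, submitted: str, now: int) -> bool:
        current = now // STEP
        first = max(0, current - self.drift_steps)
        for counter in range(first, current + self.drift_steps + 1):
            if counter <= self.last_counter:
                continue  # step already used: reject a replayed passcode
            expected = totp(self.seed, counter * STEP)
            if hmac.compare_digest(expected.encode(), submitted.encode()):
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    server = Verifier(RFC_SEED)
    code = totp(RFC_SEED, 59)                     # what the app shows at t=59
    print(code, server.verify(code, 59))          # accepted once
    print(server.verify(code, 59))                # same code again: rejected
    print(Verifier(RFC_SEED).verify(code, 149))   # three steps later: expired
```

Because both sides derive the passcode from nothing but the seed and the clock, the server's copy of the seed needs the same protection as a password database.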

When verifying their Microsoft accounts, users can choose which authenticator to use. Many turn to Google Authenticator because they use it for their consumer apps and services, already have it installed and are familiar with how to use it. This also makes it easier for IT admins who have to support those users because there is less training and support involved.

The Google Authenticator app works across a wide range of services. As a result, users need only one app for their two-step verification needs. The Microsoft authenticator is specific to Microsoft services, which means users would need multiple apps if they're using an authenticator for more than one product.

But Google Authenticator does not work on Windows phones. If users are limited to Windows phones, they'll need to use the Microsoft app. However, they're free to use Google Authenticator for their Microsoft accounts assuming they have one of the supported devices readily available.

Google has streamlined and improved the Authenticator app to make it easier to authenticate Microsoft and other accounts. Perhaps the biggest improvement is the built-in barcode scanner, which makes setting up the initial authentication process much easier.

Although two-step verification means extra effort on the part of the user, it is worth it over the long haul, and authenticator apps such as Google Authenticator can make this process easier, especially when using it for multiple services. In this way, users get the kind of flexibility they've come to expect in the age of mobility. They can use their Firefox browsers to access Microsoft services on their MacBook Pro computers, while running Google Authenticator on their Samsung smartphones to provide the validation passcodes they need to authenticate to their Microsoft accounts.
