2-factor authentication for your web app using Google authentication


Author: Dilip Merani, Project Coordinator


With every hack, every breach, every lost or stolen phone, online users experience a similar feeling: How do I enhance my online security?

Usernames and passwords – no matter how unique they might be – are no longer enough to protect your accounts and devices. What’s even worse, more than 65% of users use the same password everywhere, making it incredibly easy for hackers to breach your account.

So, the question arises: what can you do to enhance your online application security?

We often use Google authentication because Gmail addresses are so ubiquitous: web applications can send users to Google to authenticate their identity, and users who have 2-factor authentication enabled get into the app only when they authenticate using their Google accounts.

Google Authenticator offers you an extra layer of protection, in addition to passwords, to drastically reduce the chance of a security breach in your web application.

What is Google Authenticator and how does it work?

Google Authenticator is a popular, free mobile security application that uses two-factor authentication (2FA) to verify user identities before granting them access to websites and services. To access a website or web-based service, the user first types their normal username and password. The user then enters a code, typically a six-digit password, that is triggered by the login and delivered to their smartphone via text, voice call, or the mobile app. If the user has a security key, it can be inserted into the computer’s USB port.

The code received on your phone is created specifically for your account, and only when you need it. This code can only be used one time and expires in 30 seconds.
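The codes the Authenticator app generates follow the TOTP algorithm (RFC 6238: HMAC-SHA1 over a 30-second counter, truncated to six digits). The sketch below is an added example, not code from the original article, showing how a web app's server could check such a code and enforce the one-time-use and expiry properties described above; `TotpVerifier`, `SAMPLE_SECRET` and `drift_steps` are hypothetical names, and the secret is the published RFC 6238 test key, not a real credential.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

STEP = 30    # seconds each code is valid for
DIGITS = 6   # length of the code shown in the app
# Constructed sample: base32 of the RFC 6238 test key "12345678901234567890".
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32: str, counter: int) -> str:
    """Code for one 30-second counter value (RFC 4226 dynamic truncation)."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class TotpVerifier:
    """Per-user server-side check: tolerates clock drift, rejects reused codes."""

    def __init__(self, secret_b32: str, drift_steps: int = 1):
        self.secret = secret_b32
        self.drift = drift_steps   # 0 enforces the strict 30-second expiry
        self.last_counter = -1     # highest counter accepted; persist per user

    def verify(self, code: str, now: Optional[float] = None) -> bool:
        # Reject malformed input before any comparison.
        if len(code) != DIGITS or not (code.isascii() and code.isdigit()):
            return False
        current = int((time.time() if now is None else now) // STEP)
        for counter in range(current - self.drift, current + self.drift + 1):
            if counter <= self.last_counter:
                continue           # already consumed: treat as a replay
            if hmac.compare_digest(totp(self.secret, counter), code):
                self.last_counter = counter
                return True
        return False

if __name__ == "__main__":
    verifier = TotpVerifier(SAMPLE_SECRET)
    print(verifier.verify("287082", now=59))   # first use of the code
    print(verifier.verify("287082", now=59))   # same code replayed
```

In a real deployment `last_counter` has to be stored with the user record, and failed attempts should be rate-limited, since a six-digit code space is small.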

This verifies that the person logging in to a website or web service is in possession of the device to which the Google Authenticator app was downloaded, or of the security key.

However, if you are using the same device for all your work, Google Authenticator will only ask for your password when you sign in. But when you or anyone else tries to sign in to your account from another computer, the app will ask for the verification again.

The two-step verification allows you to secure your account with something you know (password) and something you have (security key or your phone).

Features of the app

  • The app sends verification codes to your cell phone via text message, or Google can call your cell or landline phone with your verification code.
  • It can generate verification codes even when your device has no phone or data connectivity.
  • Users can use a Security key for advanced protection.
  • Backup codes can be printed or downloaded when your phone is unavailable, for example, when you travel.

Google Authenticator is a must-have for:

  • Online Banking
  • Online Shopping
  • Cloud Storage Accounts (Dropbox, Box, Sync)
  • Email (Gmail, Yahoo, Outlook)
  • Social Networks (Facebook, Twitter, LinkedIn, Tumblr)
  • Password Managers (LastPass)
  • Communication Apps (Skype, Mailchimp)

Google Authenticator’s purpose is to make attackers’ lives harder and make it more difficult for cybercriminals to breach your account. If you already follow basic password security measures, Google Authenticator will help reduce fraud risks because most cyber crimes are conducted via the Internet, and it is highly unlikely that the cybercriminal will also have access to your physical device.
