Friday, July 12, 2013

Google 2-step verification and how to set up an Android device, a desktop computer and a FirefoxOS phone

Once in a while I push myself to learn how to use security tools to prevent people from stealing my data. I wish security chased me and guided me to set things up without my desire to be secure; however, that is a different story.

A while ago, I added 2-step authentication to my Google account and my friend catlee showed me how I could have the Google Authenticator Android app on my phone.

NOTE: To understand 2-step verification visit this site

It took me a while to get used to keeping my phone close by to be able to authenticate. Believe it or not, I can testify that there are people out there who, as soon as they get home, put their phones on a desk and walk away from them for hours.

I recently got a Keon Geeksphone running FirefoxOS and I was carrying my Android phone to be able to authenticate. After a few days of asking around, somebody pointed out the GAuth Authenticator WEB APP (this means that you can also run it in your browser) on Mozilla's Marketplace. At first, I was sceptical because I thought I had to give my Google credentials to a third-party company and that made me very uncomfortable. This was a misunderstanding on my part as I don't have to give my credentials at all.

NOTE: Please excuse me if there is a better workflow or I'm misunderstanding the concept.

Given this background, I will jump straight into the steps that I needed to follow to do this:

VERY IMPORTANT NOTE: Set up all your devices at once with the same key. Every time you create a new key and "verify and save" it, you will be nullifying any previous keys that had been generated. All of your Google Authentication apps should be activated with the same code.

For GAuth you will need to use the key rather than the QR code.

  • Beside "Mobile Application" you will see "Android", "iPhone" and "Blackberry"
    • Click on one of them and stick with it
    • "Android" and "iPhone" will show you a QR code, however, you can use a key if you click on "Can't scan the barcode?"
    • GAuth on your FirefoxOS phone
    • "Blackberry" will only show you a key
  • Install Google Authenticator for your Android device
    • Open the app and click on the settings icon at the top right
    • "Set up account"
    • "Scan a barcode"
    • Point your camera at your desktop's browser where you have clicked on the "Android" link mentioned above
  • Install GAuth Authenticator on your FirefoxOS phone or on your desktop through Firefox (Chrome or IE won't work)
    • Open the app
    • Click on the "+" sign
    • Give the account a name
    • Enter the key that Google gives you
NOTE: On your desktop machine, Firefox will install the Web app as a regular application (e.g. /Applications for Mac).

NOTE2: If I install the app through Firefox Beta instead of Nightly, Mac will prevent the web app from running due to security concerns. I believe all you have to do is go to the Applications folder, right-click the app and click "Open". This should add an exception according to this article.

Happy 2-step authentication!

This work by Zambrano Gasparnian, Armen is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

1 comment:

  1. I always save the QR code image (GPG encrypted for security). This is useful when you switch to another device: those applications don't allow extracting the internal saved key (for a good reason), and Google 2 phase authentication is a pain when you need to generate a new key. All application specific passwords are removed, so you need to set up again applications like Thunderbird, XMPP client, etc.