Google Authenticator (MFA) (2024)

Google Authenticator is an app that provides a Time-based One-time Password (TOTP) as a second factor of authentication to users who sign in to environments where multifactor authentication (MFA) is required.

Admins add Google Authenticator to the list of accepted factors in Okta. Then, users who select it to authenticate are prompted to enter the time-based, six-digit code they see in the Google Authenticator app in Okta.

Add Google Authenticator as a factor

  1. In the Admin Console, go to Security > Multifactor.
  2. In Factor Types, click Google Authenticator.
  3. Click Inactive in the upper right and then select Activate.
  4. Enroll Google Authenticator in a multifactor policy.

Enroll Google Authenticator in a multifactor policy

  1. In the Admin Console, go to Security > Multifactor.
  2. On the Factor Enrollment tab, add a new or edit an existing multifactor policy.

Add a policy

  1. Click Add Multifactor Policy.
  2. Enter a name.
  3. Assign to groups.
  4. Set Google Authenticator to Optional or Required.
  5. Click Create Policy.
  6. To add one or more rules to the policy, see Configure an MFA enrollment policy.

Edit a policy

  1. Select the policy that you want to edit, and then click Edit.
  2. In Effective factors, set Google Authenticator to Optional or Required.
  3. Click Update Policy.
  4. To add one or more rules to the policy, see Configure an MFA enrollment policy.

End-user experience

  1. Go to the Apple App Store or the Google Play Store and install Google Authenticator on your device.
  2. In the web browser on your computer: When signing in to Okta or accessing an Okta-protected resource, enter your credentials and then click Next.
  3. On the Setup security authenticators page, click Set up.
  4. Select your device type, and then click Next.
  5. Perform the QR code scanning steps that apply to you:

    If your device can scan QR codes:

    1. Don't click Next in the browser yet; instead, on your mobile device, launch Google Authenticator.
    2. In Google Authenticator, tap the + sign.
    3. Tap Scan a QR code and then point your camera at the QR code displayed in the browser on your computer. Your device camera scans the QR code automatically.
    4. In the web browser on your computer, click Next.
    5. In the Enter Code field, enter the setup key shown in Google Authenticator on your mobile device.
    6. Click Verify.

    If your device can't scan QR codes:

    1. Don't click Next in the browser yet.
    2. In the web browser on your computer, click Can't scan.
    3. In the field above the Next button, make a note of the string of numbers and letters.
    4. On your mobile device, launch Google Authenticator.
    5. Tap the + sign.
    6. Tap Enter a setup key.
    7. In the Account field, enter your Okta username.
    8. In the Key field, enter the string of numbers and letters that you made a note of earlier.
    9. Tap Add. The message Secret saved appears.
    10. In the web browser on your computer, click Next.
    11. In the Enter Code field, enter the setup key shown in Google Authenticator on your mobile device.
    12. Click Verify.

Important considerations

  • The time on the end user's device might not be the same as the time on the clock in the Google Authenticator app. The Google Authenticator app allows a time difference on the end-user device of up to two minutes earlier or later than the time in the Google Authenticator app.

  • After five unsuccessful authentication attempts, regardless of the time between the attempts, the user account is locked and the admin must reset it.
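
The two considerations above, sketched as an added example (not Okta's or Google's code): a server-side check that accepts a six-digit TOTP within two minutes of its own clock and locks the account after five failures. The `Verifier` class, the 30-second step, HMAC-SHA1 (the RFC 6238 defaults) and the reset of the counter on success are assumptions; the sample secret is constructed from the RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30          # seconds per TOTP time step (RFC 6238 default, assumed here)
DIGITS = 6         # six-digit codes, as described on this page
DRIFT_STEPS = 4    # assumption: two minutes either way = 4 steps of 30 s
MAX_FAILURES = 5   # lockout threshold stated on this page

# Constructed sample secret: the RFC 6238 test key "12345678901234567890" in Base32.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class Verifier:
    """Hypothetical server-side check: drift window plus failure lockout."""

    def __init__(self, secret_b32: str):
        self.secret = secret_b32
        self.failures = 0
        self.locked = False

    def verify(self, code: str, server_time: int) -> bool:
        if self.locked:
            return False  # stays locked until an admin resets the account
        for drift in range(-DRIFT_STEPS, DRIFT_STEPS + 1):
            expected = totp(self.secret, server_time + drift * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.failures = 0  # assumption: a success clears the counter
                return True
        self.failures += 1  # counted regardless of time between attempts
        if self.failures >= MAX_FAILURES:
            self.locked = True
        return False

    def admin_reset(self) -> None:
        self.failures, self.locked = 0, False
```

Anyone holding the Base32 secret can call `totp()` and obtain the same codes as the enrolled device, which is why the setup key and QR code must be treated as credentials.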

Related topics

Configure an MFA enrollment policy


FAQs

Is Google Authenticator good enough?

The Google Authenticator 2FA app is only secure if you enable Privacy Screen and build in a reliable backup. The most secure 2FA method uses a physical security key, but for a free option, authenticator apps are recommended over text message-based 2FA, which is vulnerable to SIM swap attacks.

What is the disadvantage of Google Authenticator?

Lack of encryption

For example, if a cybercriminal happens to access your 2FA QR code, which is the secret key used to generate one-time codes, they will be able to generate the same one-time code. This issue can lead to huge security risks for users such as account takeover or data leakage.

What is the security flaw in Google Authenticator?

In 2020, an Android malware strain was reported as extracting and stealing one-time passcodes generated through Google Authenticator. The app has also been previously flagged for lacking a passcode or biometric lock on the app itself, increasing the danger a lost device poses to an organization.

Is Google forcing MFA?

Currently, you can turn off 2-Step Verification after it's turned on automatically, but signing in with just a password makes your account much less secure. Soon, 2-Step Verification will be required for most Google Accounts.

What is better than Google Authenticator?

Other important factors to consider when researching alternatives to Google Authenticator include user interface and security. The best overall Google Authenticator alternative is LastPass. Other similar apps like Google Authenticator are 1Password, Cisco Duo, Auth0 by Okta, and Ping Identity.

What is the best 2 factor authentication method?

Here are some of the most effective 2FA methods:

  1. SMS or Text Message Codes: widely supported, easy to implement
  2. Time-based One-Time Passwords (TOTP): widely supported by authenticator apps
  3. Universal Second Factor (U2F) Security Keys: physical key, highly secure against phishing attacks
  4. Biometric Authentication: ...

Can hackers get past Google Authenticator?

The method universally accepted as most secure is via external authenticator app. External authenticator apps like Microsoft Authenticator or Google Authenticator don't use codes, so no codes can be intercepted.

Why does Google authentication fail?

If you sign in with an invalid email, Google can throw an error. Retrace your steps and try again or contact our team for assistance!

How secure is Google two-factor authentication?

Tip: Although any form of 2-Step Verification adds account security, verification codes sent by texts or calls can be vulnerable to phone number-based hacks.

Why 2-step verification is not safe?

2FA can be vulnerable to several attacks from hackers because a user can accidentally approve access to a request issued by a hacker without acknowledging it. This is because the user may not receive push notifications by the app notifying them of what is being approved.

Is Google Authenticator deprecated?

This node has been deprecated and its use is not recommended. Please search for updated nodes instead. This node authenticates to Google services specified in the node settings.

Can Google Authenticator be trusted?

Use a trusted device: You should only use Google Authenticator on a trusted device that you own and control. Using the app on a public or shared device can compromise the security of your account.

Which MFA should be avoided?

Passwords as part of MFA

While it's not feasible for every company to give up passwords cold turkey, you should at least avoid pairing them with another knowledge factor. For example, companies sometimes use security questions as a password recovery method, but these are even less secure than passwords.

Why is SMS not recommended for MFA?

Enterprises are at greater risk due to the large volumes of sensitive data and financial assets. SMS-based MFA vulnerabilities can lead to significant breaches, financial loss, and damage to reputation. Enterprises must adopt stronger MFA solutions to protect their digital infrastructure.

Why is Google forcing me to do two-step verification?

Google may ask you to verify your account for security reasons, especially if it detects unusual activity. Regardless of whether you want to change your phone number or disable two-step verification, you need to log in to your Google account first. If you can't log in, you won't be able to make any changes.

What is the benefit of using Google Authenticator?

Authenticator apps offer several advantages over other forms of two-factor authentication. First, they work offline, meaning you don't need an internet connection to generate code. Second, they are more secure than SMS-based authentication because short message service (SMS) can be intercepted.

Is Google Authenticator better than SMS authentication?

Authenticator apps generate 2FA codes locally on a device, rather than sending them unencrypted over text message. The 2FA codes in authenticator apps also change every 30 to 60 seconds, which makes them difficult for cybercriminals to steal. SMS authentication sends 2FA codes unencrypted over text message.

Can I use Google Authenticator instead of Microsoft Authenticator?

After you enable MFA for your account, you can set up Google Authenticator to work with Microsoft 365: Choose your sign-in method: Go to the Security info page and select 'Add sign-in method.' Choose the 'Authenticator app' as the method to proceed.

Article information

Author: Fr. Dewey Fisher
