Friday, November 18, 2011

Google authenticator

Google is bringing two-factor authentication to the masses: the Google Authenticator project. This is an open source implementation of pluggable authentication modules (PAM) and one time password generators for mobile devices.

One time password (OTP) are often small dongles. RSA, Vasco and Yubico are well known vendor of this hardware (with RSA getting hacked recently).

Google itself has two-step authentication already for a while. The two-step authentication uses an SMS of voice call to send an 6 digit code. For a while now, Google is using the one time password generators on mobile devices itself (although I can't get it working for my own Google account).

Also other are adopting it, e.g. Lastpass is also supporting Google authenticator. To be clear, Google is not used for the actual authentication, only the (open source) implementation of Google is used.

No comments: