Talk:Google Authenticator

Can be used for ... ??
Facebook is in the list, I have turned on 2-step, but not with Google Authenticator, but with SMS to my mobile. I think it should be taken out, as I did not find any instruction on how to use GA. Edoderoo (talk) 21:23, 10 March 2013 (UTC)
 * It doesn't use the same Android Google Authenticator app, but it is compatible. I just tried it. I followed these steps:
 * Log into Facebook on a desktop computer, and go to your Settings menu, select Security on the left-hand sidebar. Edit the Login Approvals section. Click on "Using an Android or iPhone? Set up Code Generator", and click on the "Having trouble?" button. Click "Get key". On your device running Google Authenticator, prepare to set up a new account in the Authenticator. In Android, this is Menu > Set up account > Enter key provided. Enter the key provided after you press "Get key". Leave the option "Time-based". You'll then get an opportunity to test the key. edit: I also noticed that there's a set of instructions dated January 2013 in the citation next to the Facebook entry (at this time citation number 7) --BurritoBazooka (talk) 13:16, 12 May 2013 (UTC)
 * OK, then it was there for a good reason! Edoderoo (talk) 17:29, 12 May 2013 (UTC)

Usage
There is a trend toward more and more online companies enabling two-factor authentication (and especially Google Authenticator). This list could easily be hundreds of services long by the end of this year if it stays comprehensive. Wouldn't it be better to describe the types of services that support Google Authenticator and maybe list a few from each category? — Preceding unsigned comment added by Ramigem (talk • contribs) 22:37, 11 June 2013 (UTC)


 * Yes. This. A thousand times this. Describing classes of services is much better than listing every single one-off addition. It is indiscriminate and trivia. Am keen to remove the section entirely unless there is compelling rationale for maintaining it. -- dsprc   [talk]  18:00, 27 June 2016 (UTC)
 * Perhaps a new article with a list of services that use 2FA? That list has been very useful to me when seeing what services use the Authenticator. It is also worth noting that Google Authenticator is only one app that can be used, Authy is another (some say superior) and I'm sure there is more out there. ~ Ablaze (talk) 07:03, 28 June 2016 (UTC)


 * Don't know if a new article would be acceptable either... see: WP:SAL (related bureaucratic stuff in WP:Lists). Besides, there are hundreds of thousands of services using two-factor authentication; is like listing services that use SSL/TLS... also sourcing concerns with such a list. It may be helpful in tracking deployments but am unsure if we're the proper venue for it. Maybe Wikia or something similar? (assuming strict, totalitarian control over inclusion of entries) Wikia has pretty good ranking in search engines too. -- dsprc   [talk]  12:17, 28 June 2016 (UTC)

Blacklisted Links Found on Google Authenticator
Cyberbot II has detected links on Google Authenticator which have been added to the blacklist, either globally or locally. Links tend to be blacklisted because they have a history of being spammed or are highly inappropriate for Wikipedia. The addition will be logged at one of these locations: local or global If you believe the specific link should be exempt from the blacklist, you may request that it is white-listed. Alternatively, you may request that the link is removed from or altered on the blacklist locally or globally. When requesting whitelisting, be sure to supply the link to be whitelisted and wrap the link in nowiki tags. Please do not remove the tag until the issue is resolved. You may set the invisible parameter to "true" whilst requests to white-list are being processed. Should you require any help with this process, please ask at the help desk.

Below is a list of links that were found on the main page:


 * https://cex.io/r/1/johs633new/0/
 * Triggered by  on the global blacklist

If you would like me to provide more information on the talk page, contact User:Cyberpower678 and ask him to program me with more info.

From your friendly hard working bot.—cyberbot II  Talk to my owner :Online 03:48, 14 May 2015 (UTC)

RFC compliance
The article claims Google Authenticator implements RFC 6238, however this is untrue and isn't properly cited. The software implements something similar to RFC 6238, however patently isn't compliant with RFC 4226's requirements (required by RFC 6238) due to using an 80-bit shared secret, as detailed here: https://security.stackexchange.com/questions/45053/why-does-google-cripple-the-2fa-google-authenticator-pam-module and can been observed at https://github.com/google/google-authenticator/blob/f0d1574734b5855d4a604d58be25fc1159563b66/libpam/google-authenticator.c. According to my own discussions with Google a few years ago when I noticed this myself, this is 'by design'. I'd suggest, unless we can provide a positive non-first party citation for it being compliant with RFC 6238 (true or otherwise), we either remove all reference to it or point out it only claims compliance, rather than actually being compliant. - Rushyo  Talk  12:52, 4 August 2015 (UTC) (As an aside, today is my 10th Wikibirthday!) - Rushyo   Talk  12:53, 4 August 2015 (UTC)


 * I have just noted that this issue was apparently fixed on 31 May 2016 with this commit to the Google Authenticator source. A 128-bit secret is now used. I suggest this should be updated in the article. NoRelation (talk) 09:25, 1 June 2024 (UTC)

Clearing the MSB of the result
Somehow I ended up clearing the MSB in my code. The StackOverflow example appears to do the same, but the pseudocode makes no mention of it. This would effectively offset some of the tokens by 483648. — Preceding unsigned comment added by 194.116.196.23 (talk) 07:28, 23 August 2017 (UTC)

Siapa aku
Aku novijune Luh Putu Novi Juniati (talk) 06:38, 23 November 2017 (UTC)

Please don't remove ports
The comparison page is incomplete and has no references. Stopcensorshipnow (talk) 19:45, 11 July 2019 (UTC)

Other authentication software
This section doesn't really belong here, and is full of external links. I don't have the time myself (and lack wide and deep expertise on the topic), but I suggest splitting this article and either creating a new one for Third-party authenticator, which currently redirects to Multi-factor authentication, or a separate section in that article.
 * I removed the section. I considered it not worth moving it to a new list article because it was based on inline external links rather than wikilinks to existing articles. -Lopifalko (talk) 07:48, 3 March 2021 (UTC)


 * Thanks,, and apologies - I see that I forgot to sign my comment above. Laterthanyouthink (talk) 09:10, 3 March 2021 (UTC)

Lumayan lah authenticator
lumayan lah google authenticator Lintang hernawati (talk) 03:27, 9 May 2024 (UTC)


 * Erm, what? NoRelation (talk) 09:29, 1 June 2024 (UTC)