2FA (two-factor authentication) is my BFF and should be yours too, IYKWIMAITYD.


Summary: To set up two-factor authentication with Google Authenticator: download the app, link it to your accounts by scanning a QR code, and enter the generated code when logging in. This adds an extra layer of security to your online accounts.


What does 2FA mean?

Two-factor authentication (2FA) is a fancy way of saying that the system is double-checking it’s really you trying to sign in — you need a second authentication step, beyond your username and password*.

There are a few different types of 2FA, such as:

  • Answering “secret questions”
  • Scanning your face, or fingerprint
  • Approving the login request via another app
  • Entering a PIN code (from memory)
  • Entering a 2FA code (from an authenticator app, or a text-message)

There are various authenticator apps available, but I use Google Authenticator as it’s easy to set up, always with me (as an iPhone app), and seems to work with most of the apps I want 2FA for.

Here’s a short (4min) video on how I use Google Authenticator:

Here’s what’s covered:
0:08 What is 2FA
0:25 Types of two-factor authentication
1:00 Google Authenticator app
1:21 Authenticator app demo
1:43 Add a new account for 2FA
2:00 When to use 2FA
2:28 Backing up the Google Authenticator app
3:11 Password manager apps

And here’s what it looks like in use:

Screenshot of the WordPress two-factor authentication screen, showing "2FA Code" and a "Log in" button
2FA code request for logging into WordPress
Screenshot of the Xero two factor authentication code request screen
2FA code request for logging into Xero
Screenshot of the Employment Hero two factor authentication code request screen
2FA code request for logging into Employment Hero
Screenshot of the Google Authenticator app screen offering "Scan a QR code" or "Enter a setup key"
Google Authenticator ‘add new item’ screen
Screenshot of the Google Authenticator app screen showing different website names, each with a large numerical code underneath
Google Authenticator ‘code generation’ screen

A note on backups

I don’t have a paid iCloud hosting account, so I need to keep my data backups to a minimum, but Google Authenticator is one of the verrry few apps I use the in-built iCloud backup service for — to make sure I don’t lose my two-factor authentication access if I lose my phone.

Screenshot of the iCloud backup settings screen showing all apps turned off except Google Authenticator
iCloud backup settings (note: only Authenticator is turned on!)

*Here, I’ve gotta say it: please please please use a password manager, if you can afford it. Apps like 1Password, Dashlane and LastPass are the gold standard for storing passwords securely, and easily accessed from your computer or smartphone. If you’re an Apple user, then the iCloud keychain service is the next best thing — this option is free, but less secure and only available on Apple devices. All of these are better than using the same password for everything. Please don’t do that.

Do I need two-factor authentication?

It’s more and more common for 2FA to be a requirement (like you can’t get in without it!) but it’s a really good idea to turn it on for any apps or websites that offer it as an option. By requiring this ‘double check’ you’re adding an extra layer of protection, making it harder for someone else to log in pretending to be you.

At a minimum, think about where your most sensitive data might be stored and start with those, such as:

  • Online banking
  • Superannuation
  • Any other financial systems (like shares, or insurance)
  • Your primary email
  • Phone account
  • Other utilities (like gas, water, and electricity providers)

Once you’re up and running, it’s easy to add other services over time. I promise it’s worth it!