Thomas Habets edited this page Jul 4, 2017 · 11 revisions

The Google Authenticator project includes implementations of one-time passcode generators for several mobile platforms, as well as a pluggable authentication module (PAM). One-time passcodes are generated using open standards developed by the Initiative for Open Authentication (OATH) (which is unrelated to OAuth).

These implementations support the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238.

Index

Implementations

This project currently offers mobile application implementations of HOTP/TOTP for Android, iOS, and Blackberry, as well as a PAM module.

Google Authenticator for Android

The code for Android has been moved to a separate GitHub project.

The Android mobile app supports:

  • Multiple accounts
  • Support for 30-second TOTP codes
  • Support for counter-based HOTP codes
  • Key provisioning via scanning a QR code
  • Manual key entry of RFC 4648 base32 key strings

DISCLAIMER: This open source project allows you to download the code that powered version 2.21 of the application. Subsequent versions contain Google-specific workflows that are not part of the project.

Google Authenticator for iOS

The iOS mobile app supports:

  • Multiple accounts
  • Support for 30-second TOTP codes
  • Support for counter-based HOTP codes
  • Key provisioning via scanning a QR code
  • Manual key entry of RFC 4648 base32 key strings

Google Authenticator for Blackberry

The BlackBerry mobile app supports:

  • Multiple accounts
  • Support for 30-second TOTP codes
  • Support for counter-based HOTP codes
  • Manual key entry of RFC 4648 base32 key strings

PAM Module

The PAM module can add a two-factor authentication step to any PAM-enabled application. It supports:

  • Per-user secret and status file stored in user's home directory
  • Support for 30-second TOTP codes
  • Support for emergency scratch codes
  • Protection against replay attacks
  • Key provisioning via display of QR code
  • Manual key entry of RFC 4648 base32 key strings

Source Code

You can checkout the project's source code from the Git repository. See more details in Checking Out.

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.