Google Authentication


Best Practice in Communication

Network II


Chinnasamy Ramesh (CHI0033)


Introduction:
Google offers various kinds of two-factor authentication. Alongside the traditional
password, users can enter a one-time security code that they receive via text or
voice call or that they generate on the Google Authenticator app, which runs on
Android and on Apple's mobile operating system iOS.
Two-factor authentication:
Two-factor authentication verifies your identity using two of three factors:
something you know (such as a passcode), something you have (such as a key), and
something you are (such as a fingerprint). An everyday analogy is a garage door
code (knowledge factor) combined with a house key (possession factor).
Two-factor authentication (also known as 2FA or dual authentication) is a type of
multi-factor authentication (MFA) that increases account security by using two
methods to verify your identity. Online, 2FA usually refers to a second layer of
security on top of a password.
Why do we need two-factor authentication (2FA)?
We need two-factor authentication because it controls access far more effectively
than protecting personal data with a password alone. If someone obtains the
password of an account protected by 2FA, they still need the second factor, such
as an SMS verification code or your fingerprint, before they can get into the
account.

How does 2FA work?


Two-factor authentication works by requiring two independent factors to unlock
an account. The second factor usually has to be proven with something in your
physical possession, such as your phone, in addition to your normal username and
password.
A login that consists of a password and a security question is not much stronger
than a password alone, because both are knowledge factors: anyone who has stolen
or guessed one can often find or guess the other. It is much harder for an
attacker to also hold a completely different factor, such as your actual phone,
which is why two-factor authentication is so much more secure.

2FA: the three factors


Here are the three main 2FA authentication factors:
• Knowledge factor
This is something you know. It cannot be physically lost or found, but it can be
copied or guessed, like a password or PIN code.
• Possession factor
This is something you have that cannot be easily copied, but can be stolen, like
a bank card or physical key.
• Inherence (biometric) factor
This is something you are, which cannot be easily faked, like a fingerprint or
face ID.
Here are some other common examples of two-factor authentication:
Accessing online accounts with one-time SMS verification (OTP) codes
• You know your username and password
• You have your phone
Traveling internationally
• You have your passport
• You are you, verified by facial recognition, fingerprints, or retina scans

How to set up 2FA


Many apps and services offer 2FA, but it might not be enabled by default. Check
your account's security settings to see if 2FA is available. For Google
accounts, 2FA is called 2-Step Verification and is turned on from your Google
Account settings; once it is on, you can add the Google Authenticator app, which
generates the verification codes on your phone.
Here's how to set up 2FA on your Google Account:
1. Sign in to your Google Account.
2. Click your profile picture and select Manage your Google Account.
3. Click Security in the left panel, then click 2-Step Verification.
4. Click Get Started.
5. Confirm your password.
6. Choose how you want to verify that your phone is really yours: a prompt
(default), a security key, a text message, or a voice call. Then click Try It
Now.
7. Google will ask you to confirm using the prompt on your phone.
8. Verify using your authentication method of choice.
9. Now, add a backup phone number in case you lose your phone or can't verify
the prompt. Then choose an option (text message or phone call) and click Send.
10. Google will send a verification code to your phone.
11. Enter the verification code into your Google Account 2FA settings, then
click Next.
12. Now click Turn on.
13. You're done! Two-factor authentication is now set up on your Google
Account. Check the confirmation email from Google to ensure the process worked.

You can also set up 2FA on your Apple device, as well as on Facebook, Reddit, and
almost any other app, platform, or device you use. Two-step verification, with
a strong password and a second verification method, is far more secure than a
password alone.

Working Principle and Algorithm:


Time-based one-time password (TOTP) is an algorithm that generates a one-time
password (OTP) using the current time as its source of uniqueness. It is built
on the HMAC-based one-time password algorithm (HOTP), in which HOTP value(K, C)
is an HMAC of the counter C under the key K with hash H, truncated to d decimal
digits. To establish TOTP authentication, the authenticatee (here the user's
app) and the authenticator (here Google's servers) must pre-establish both the
HOTP parameters and the additional TOTP parameters below. Typically these are
specified by the authenticator, and either accepted or not by the
authenticatee.

HOTP parameters:
• A cryptographic hash method H (default is SHA-1)
• A secret key K, which is an arbitrary byte string and must remain private
• A counter C, which counts the number of iterations
• A HOTP value length d (6–10; the default is 6, and 6–8 is recommended)

Additional TOTP parameters:
• T0, the Unix time from which to start counting time steps (default is 0)
• TX, the interval used to calculate the value of the counter CT (default is
30 seconds)

Both the authenticator and the authenticatee compute the TOTP value, then the
authenticator checks whether the TOTP value supplied by the authenticatee
matches the locally generated value. Some authenticators also accept the values
that would have been generated one step before or after the current time, in
order to tolerate slight clock skew, network latency and user delays.
TOTP uses the HOTP algorithm, replacing the counter with a non-decreasing value
derived from the current time:

TOTP value(K) = HOTP value(K, CT)

where the counter value is

CT = floor((T − T0) / TX)

and
• CT is the number of whole durations TX between T0 and T,
• T is the current time in seconds since a particular epoch,
• T0 is the epoch as specified in seconds since the Unix epoch (e.g. if
using Unix time, then T0 is 0),
• TX is the length of one time duration (e.g. 30 seconds).
Unix time is not strictly increasing. When a leap second is inserted into UTC,
Unix time repeats one second. But a single leap second does not cause the
integer part of Unix time to decrease, and CT is non-decreasing as well so long
as TX is a multiple of one second.
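The algorithm above, carried through as a worked example. This code is added here and is not part of the report nor Google's own implementation; it follows RFC 4226 (HOTP) and RFC 6238 (TOTP) using the report's symbols (K, C, d, H, T0, TX, CT). The function names hotp, totp, verify_totp and decode_authenticator_secret are my own. The secret and time values in the usage are the published RFC test vectors; the spaced, lower-case rendering of the secret is constructed to resemble the key shown on a manual-entry screen. verify_totp is the authenticator side, including the skew window and a constant-time comparison that the text mentions only in passing.

```python
# Added example (not from the report): RFC 4226 HOTP and RFC 6238 TOTP as an
# authenticator app and a server each compute them from the shared secret K.
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(key: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """HOTP value(K, C): HMAC-H over the 8-byte big-endian counter, dynamic
    truncation (RFC 4226 section 5.3), then reduced to d decimal digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F                 # low nibble of last byte picks the window
    binary = ((mac[offset] & 0x7F) << 24    # mask the sign bit of the 31-bit window
              | mac[offset + 1] << 16
              | mac[offset + 2] << 8
              | mac[offset + 3])
    return str(binary % 10 ** digits).zfill(digits)


def totp_counter(t: int, t0: int = 0, tx: int = 30) -> int:
    """CT = floor((T - T0) / TX): number of whole TX-second steps since T0."""
    return (t - t0) // tx


def totp(key: bytes, t: Optional[int] = None, t0: int = 0, tx: int = 30,
         digits: int = 6, digestmod=hashlib.sha1) -> str:
    """TOTP value(K) = HOTP value(K, CT), with CT derived from the clock."""
    if t is None:
        t = int(time.time())
    return hotp(key, totp_counter(t, t0, tx), digits, digestmod)


def verify_totp(key: bytes, submitted: str, t: int, window: int = 1,
                t0: int = 0, tx: int = 30, digits: int = 6,
                digestmod=hashlib.sha1) -> bool:
    """Authenticator side.  Accepts the code of the current step and of
    `window` steps either side (clock skew, latency, typing delay).  The
    comparison is constant-time so timing does not leak how many digits
    matched, and every candidate step is checked regardless of early hits."""
    if len(submitted) != digits or not submitted.isdigit():
        return False
    ct = totp_counter(t, t0, tx)
    ok = False
    for c in range(ct - window, ct + window + 1):
        ok |= hmac.compare_digest(hotp(key, c, digits, digestmod), submitted)
    return ok


def decode_authenticator_secret(text_key: str) -> bytes:
    """Google Authenticator shows the shared secret K as base32 text, often
    grouped with spaces, sometimes lower-case and usually without '=' padding."""
    s = text_key.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


if __name__ == "__main__":
    # RFC 4226 / RFC 6238 test-vector secret ("12345678901234567890"), written
    # the way a manual-entry screen would display it (constructed spacing).
    k = decode_authenticator_secret("gezd gnbv gy3t qojq gezd gnbv gy3t qojq")
    print(hotp(k, 0), totp(k, 59), totp(k, 1111111109, digits=8))
    print(verify_totp(k, "287082", 89), verify_totp(k, "287082", 120))
```

Two details matter in practice: the server must never accept a code twice within the same time step (store the last accepted CT per user), and the window should stay small, since each extra step multiplies the attacker's chance of guessing a six-digit code.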

Google Authentication App:

SMS-based 2FA has a known weakness: the code is delivered over the phone
network, so an attacker who social-engineers your phone company into porting
your number or issuing a replacement SIM (a SIM-swap attack) receives your
codes instead of you. The Google Authenticator app removes that delivery path
entirely: the codes are computed on your phone from the shared secret and the
current time using the TOTP algorithm above, and nothing is sent over the
network. An app-generated code is still a six-digit value that you type in, so
a phishing page that relays it to Google within the same 30-second step can
still use it; a security key (one of the options in step 6 above) does not have
that weakness.
Here's how to set it up:
1. Download Google Authenticator from either the Apple App Store or the
Android Google Play store. It's free.
2. Next, set up 2-Step Verification on your Google account (see the steps
above). Log into your Google account. Under "Security and Sign-In" select
"2-Step Verification," then scroll down to select the "Authenticator app"
option.
3. Select your phone type, Android or iPhone.
4. Open the Google Authenticator app on your phone and tap the plus button.
5. Two options will show up, "Scan barcode" and "Manual entry". You only need
one of them to complete the process.
"Scan barcode" uses the phone's camera to read the QR code that Google displays
on your computer screen (older Android versions of the app handed this off to a
separate barcode-scanner app, which had to be installed first). The QR code
encodes the shared secret key, so do not photograph it or share it.
"Manual entry" means Google shows the shared secret as a text key on the setup
page in your browser; you type that key, together with an account name, into
the app. Google does not e-mail the key.
Make sure the "Time based" option is toggled to ON. Google accounts use
time-based (TOTP) codes; with the option off the app would generate
counter-based (HOTP) codes that will never match what Google expects.
(Screenshots of these steps: credit Mashable.)
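What the "Scan barcode" QR code and the "Manual entry" key actually carry, as an added example that is not part of the report or of Google's code. The report does not name the format; Google Authenticator reads an otpauth:// URI (the Key Uri Format documented by the google-authenticator project), whose fields are exactly the parameters K, H, d and TX from the Working Principle section. The class OtpConfig and the functions parse_otpauth and is_valid_otpauth are my own names; the URIs in the usage are constructed and refer to no real account.

```python
# Added example (not from the report): parse the otpauth:// URI that an
# authenticator app reads from the QR code, validating it into the TOTP/HOTP
# parameters before any code is ever generated.
import base64
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, unquote, urlparse


@dataclass(frozen=True)
class OtpConfig:
    kind: str               # "totp" (time based) or "hotp" (counter based)
    issuer: str             # e.g. "Google"
    account: str            # e.g. "alice@example.com"
    secret: bytes           # K, the shared secret
    algorithm: str          # H: "SHA1", "SHA256" or "SHA512"
    digits: int             # d, the code length
    period: int             # TX in seconds (TOTP)
    counter: Optional[int]  # C, the starting counter (HOTP only)


def decode_authenticator_secret(text_key: str) -> bytes:
    """The secret is base32 (RFC 4648); apps show it spaced and may omit '='."""
    s = text_key.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def parse_otpauth(uri: str) -> OtpConfig:
    """Parse otpauth://TYPE/LABEL?secret=..&issuer=..&algorithm=..&digits=..&period=..
    and reject anything that would not yield a usable configuration."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc not in ("totp", "hotp"):
        raise ValueError("not an otpauth totp/hotp URI")
    # parse_qs returns lists; keep the last value of any repeated parameter
    q = {k: v[-1] for k, v in parse_qs(u.query).items()}
    if "secret" not in q:
        raise ValueError("secret parameter missing")
    try:
        secret = decode_authenticator_secret(q["secret"])
    except ValueError as e:          # binascii.Error is a ValueError subclass
        raise ValueError("secret is not valid base32") from e
    if not secret:
        raise ValueError("empty secret")

    # LABEL is "issuer:account" or just "account", percent-encoded
    label = unquote(u.path.lstrip("/"))
    if ":" in label:
        label_issuer, account = (p.strip() for p in label.split(":", 1))
    else:
        label_issuer, account = "", label.strip()
    issuer = q.get("issuer", label_issuer).strip()

    algorithm = q.get("algorithm", "SHA1").upper()
    if algorithm not in ("SHA1", "SHA256", "SHA512"):
        raise ValueError("unsupported algorithm " + algorithm)
    digits = int(q.get("digits", "6"))
    if not 6 <= digits <= 8:
        raise ValueError("digits must be 6..8")
    period = int(q.get("period", "30"))
    if period <= 0:
        raise ValueError("period must be positive")
    counter = None
    if u.netloc == "hotp":
        if "counter" not in q:
            raise ValueError("hotp URI needs a counter")
        counter = int(q["counter"])
    return OtpConfig(u.netloc, issuer, account, secret, algorithm, digits, period, counter)


def is_valid_otpauth(uri: str) -> bool:
    """True when the URI parses to a usable configuration."""
    try:
        parse_otpauth(uri)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed example URI in the documented format (not a real account).
    cfg = parse_otpauth("otpauth://totp/Example%3Aalice%40example.com"
                        "?secret=JBSWY3DPEHPK3PXP&issuer=Example")
    print(cfg)
```

Because the URI holds K in the clear, anyone who sees the QR code (a screenshot, a screen-sharing session, a photo of the monitor) can enrol the same account in their own app and produce identical codes; that is why the setup screen should be treated as sensitive as the password itself.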
Now, each time you log into the account you've connected with Google
Authenticator, the account will ask you to enter a six-digit verification code.
Open the Google Authenticator app and it shows the current code, a new one every
30 seconds, for you to enter. Nothing is sent to your phone: the code is derived
from the shared secret and the current time step.

(Remember: if you stay logged in, you won't need to go through the 2FA process
at every login.)
Congratulations. Your account is now protected not only by your password but
also by a six-digit code that only your phone can produce.
