Jump to content
Sign in to follow this  

Google Authenticator

Recommended Posts

Hi there,


I found this small note about your own authenticator.


Is anybody using Google Authenticator for your own apps ?

Maybe there is a ready-made library somewhere, that makes it easy to use.


What I suspect about Google Authenticator, that his is another piece of data Google is analysing,

so it always knows when and where you logged in.

Together with what Google already knows, this is maybe highly problematic.


But I'm not sure about the Google Authenticator, and maybe its perfectly fine, do you have any experience with it ?

I want to try that out, but also check alternative, own authentication systems.






Share this post

Link to post

Google Authenticator is a One Time Password Generator. There are several alternatives that work the same way and are open source, e.g. FreeOTP is the one I use. These apps use the current time and a shared secret (with the server) to generate a 6 digit number. They all generate the same number given the same input, so you could use it to authenticate with your own app. The number is only valid for login for about 30 seconds.


Of course Google Authenticator could use the data you add into it and the information about when you use it to log into which service for Googles purposes. But since it does not need an internet connection to fulfill its purpose, you could simply check whether it phones home or not. If it does, it's doing something it doesn't need to do and probably shouldn't do. Or, if you want to be 100% sure, use an open source solution and compile it yourself.


(There are other methods to generate One Time Passwords, see e.g. Wikipedia for that.)

Edited by dummzeuch

Share this post

Link to post

Thanks, I'm not sure how to check if an app calls some web services.

Have you checked that its not sending anything ?

To proof that sound too me like a big Wireshark setup with local proxy server, to catch any transmission.


I would trust in that regard, as they have to loose a lot of reputation if they would cheat us.

But the bad taste is still there, as they might change their mode at any time.


I will check FreeOTP, that sounds interesting.


Share this post

Link to post

There are also several firewall apps for Android which should allow checking for this, but I have never actually used one.


Given, that Google knows about everything about me due to me using an Android phone, GMail and being constantly logged into my Google account while surfing the web, I don't really see a need to check whether any of the other Google tools submits any more information. If I ever find a usable replacement for GMail, I might make an effort though.

Share this post

Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this