Overview

The Google Authenticator project includes implementations of one-time passcode generators for several mobile platforms, as well as a pluggable authentication module (PAM). One-time passcodes are generated using open standards developed by the Initiative for Open Authentication (OATH) (which is unrelated to OAuth).

These implementations support the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm currently in draft.

Implementations

This project currently offers mobile application implementations of HOTP/TOTP for Android, iOS, and Blackberry, as well as a PAM module.

Google Authenticator for Android

The Android mobile app supports:

• Multiple accounts
• Support for 30-second TOTP codes
• Support for counter-based HOTP codes
• Key provisioning via scanning a QR code
• Manual key entry of RFC 3548 base32 key strings

Google Authenticator for iOS

The iOS mobile app supports:

• Multiple accounts
• Support for 30-second TOTP codes
• Support for counter-based HOTP codes
• Key provisioning via scanning a QR code
• Manual key entry of RFC 3548 base32 key strings

Google Authenticator for Blackberry

The BlackBerry mobile app supports:

• Multiple accounts
• Support for 30-second TOTP codes
• Support for counter-based HOTP codes
• Manual key entry of RFC 3548 base32 key strings

PAM Module

The PAM module can add a two-factor authentication step to any PAM-enabled application. It supports:

• Per-user secret and status file stored in user's home directory
• Support for 30-second TOTP codes
• Support for emergency scratch codes
• Protection against replay attacks
• Key provisioning via display of QR code
• Manual key entry of RFC 3548 base32 key strings

Source Code

You can download the project's source code from the Mercurial repository. If you encounter difficulties accessing the repository, make sure to read the instructions in the Wiki.