If you have an iOS, Android, Windows phone or Blackberry device, you can turn on Google Authenticator to add an extra layer of security to your account. This will make it a lot harder for unauthorized users to gain access to your account.
You shouldn't totally rely on Google Authenticator. You still need to use a strong password, see: Phishing.
Never ever share your token code with a friend or anybody else. xat staff or volunteers will never ask you to turn off Authentication. If anyone asks you to turn off Authentication, they are trying to access your account and steal your xats/days/powers.
SAVE YOUR BARCODE IMAGE so you can scan it later if you lose your code.
Instructions on how to enable/disable Google Authenticator
To enable authentication, go to the login page, and login successfully. Click the third drop down menu and turn authentication to "ON (authenticated)". Enabling this will now lead you to a page with a QR code. You can scan the barcode by pressing the “Scan a barcode” option using the Google Authenticator app or browser extensions located below. You should receive a 6 digit code that you can then enter into the “Enter authenticator code” section on the xat login. The authenticator application generates a new 6 digit token code every 30 seconds. Ensure that you tick *Check to save token on this PC for 30 days.* If this is not ticked, it will ask for a new authentication code every time you login to your xat account.
IMPORTANT: When you enable google authenticator, you should also print out the page and save with the code given. This will help you add again in case you lose authenticator code.
To disable authentication, go to the login page, and login successfully. Click the third drop down menu and turn authentication to "OFF (not authenticated)". This will also disable tickle power.
Frequently Asked Questions
Q. I get an error.
- A. Please check the clock on your device and ensure that your time is set correctly.
Q. Incorrect authenticator code.
- A. Make sure the time on your phone is set correctly and enter the token then displayed on your phone.
Q. What happens if I lose my phone or don't have access to enter the Token code?
- A. Make a ticket at http://xat.com/ticket Under "Lost Auth" and request that you want your Token code reset.
Q. I get "Login requires authenticator code."
- A. Check your device and enter the authenticator code given inside of the application.
Q. If I switch phones, how will I get this to work on my new one?
- A. If you change phones, you need to use the page you printed out and add the account QR code/time based code to the application again. You can also turn off authenticator and turn it back on and use the new code.
Q. My Google Authenticator codes aren't working. (Android)
- A. This might be because the time on your Google Authenticator app is not synced correctly.
- To make sure that you have the correct time:
- 1. Go to the main menu on the Google Authenticator app
- 2. Click Settings
- 3. Click Time correction for codes
- 4. Click Sync now
On the next screen, you will be confirmed whether time has been synced, and you should now be able to use your verification codes to log in. Syncing will only affect the internal time of your Google Authenticator app, not the one in your device's settings.
iOS, Android and BlackBerry Application support is listed at the following link: http://support.google.com/accounts/bin/answer.py?hl=en&answer=1066447 When following these guides, please use the code or QR code given by xat after enabling the google authenticator option as these are for your xat account.
Windows Phone app: https://www.microsoft.com/en-us/store/apps/authenticator/9wzdncrfj3rj
Use Authentication without an application
Other browsers: https://5apps.com/gbraad/gauth (use the web app)
Simply install the extension/app and add the time based code to the extension and it will generate the authentication codes for you to use to login.
In the case of other browsers, you will have to load the web app every time to access your authenticator codes.
It is recommended to use authenticator on your phone (i.e using a phone application) if possible as that is more secure.