If you have an iOS, Android, Windows phone or Blackberry device, you can turn on Google Authenticator to add an extra layer of security to your account. This will make it a lot harder for unauthorized users to gain access to your account.

You should not rely on Google Authenticator if you do not have a strong password. Visit Phishing for more information.

Never share your token code with a friend or anybody else. xat staff or volunteers will never ask you to turn off Authentication. If anyone asks you to turn off Authentication, they are trying to access your account and steal your xats, days, and/or powers.

SAVE YOUR BARCODE IMAGE so you can scan it later if you lose your code.

How to enable or disable Google Authenticator

Account security options.


To enable authentication, go to the login page, and login successfully. Click the third drop down menu and turn authentication to "ON (authenticated)". Enabling this will now lead you to a page with a QR code. You can scan the barcode by pressing the "Scan a barcode" option using the Google Authenticator app or browser extensions located below. You should receive a 6 digit code that you can then enter into the "Enter authenticator code" section on the xat login. The authenticator application generates a new 6 digit token code every 30 seconds. Ensure that you tick *Check to save token on this PC for 30 days.* If this is not ticked, it will ask for a new authentication code every time you login to your xat account.

Example of QR code.

IMPORTANT: When you enable Google Authenticator, it is recommended for you to print the page with the code given. This will help you add it again in case you lose your authenticator code.


To disable authentication, go to xat's login page and login successfully. Select the last drop-down menu and set it to "OFF (not authenticated)". This will also disable tickle power.

Frequently Asked Questions

Q. I get a clock error.

  • A. Please check the clock on your device and ensure that your time is set correctly. If the problem still occurs re-scan the bar code or re-enter the time-based code.

Q. Incorrect authenticator code.

  • A. Make sure the time on your phone is set correctly and enter the token then displayed on your phone.

Q. What happens if I lose my phone or don't have access to enter the Token code?

  • A. Make a ticket at Under "Lost Auth" and request that you want your Token code reset.

Q. I get "Login requires authenticator code."

  • A. Check your device and enter the authenticator code given inside of the application.

Q. If I switch phones, how will I get this to work on my new one?

  • A. If you change phones, you need to use the page you printed out and add the account QR code/time-based code to the application again. You can also turn off authenticator and turn it back on and use the new code.

Q. My Google Authenticator codes aren't working.

  • A. This might be because the time on your Google Authenticator app is not synced correctly.
  • To make sure that you have the correct time:

On Android:

  • 1. Go to the main menu on the Google Authenticator app
  • 2. Click Settings
  • 3. Click Time correction for codes
  • 4. Click Sync now

On the next screen, you will be confirmed whether time has been synced, and you should now be able to use your verification codes to log in. Syncing will only affect the internal time of your Google Authenticator app, not the one in your device's settings.

On iOS:

  • 1. Go to the iPhone Settings app (your phone settings area)
  • 2. Select General
  • 3. Select Date & Time
  • 4. Disable the Set Automatically option and re-enable again
  • 5. Reboot your device

Authenticator Applications

iOS, Android and BlackBerry Application support is listed at the following link: When following these guides, please use the code or QR code given by xat after enabling the google authenticator option as these are for your xat account.

Windows Phone app:

Windows 8/8.1/10 app:

Use Authentication without an application

Google Chrome:


Other browsers: (use the web app)

Simply install the extension/app and add the time-based code to the extension and it will generate the authentication codes for you to use to login.

In the case of other browsers, you will have to load the web app every time to access your authenticator codes.

It is recommended to use authenticator on your phone (i.e. using a phone application) if possible as that is more secure.