diff --git a/wiki/source/googleauth.md b/wiki/source/googleauth.md
new file mode 100644
index 0000000..1c249fc
--- /dev/null
+++ b/wiki/source/googleauth.md
@@ -0,0 +1,53 @@
+# Using Google Authenticator.
+
+To get started with google authenticator run the following command
+
+  'google-authenticator'
+  
+Allow the command to update your Google Authenticator. After running the command, you’ll be asked a couple of questions, the first one being:
+
+  'Do you want authentication tokens to be time-based (y/n)'   You need to answer 'yes'(y)
+  
+You’ll then be presented with a secret key and multiple “scratch codes”. 
+We strongly suggest saving these emergency scratch codes in a safe place, 
+like a password manager. These codes are the only way to regain access if 
+you lose your phone or lose access to your TOTP app, and each one can 
+only be used once, so they really are in case of emergency.
+
+You’ll then be prompted with several questions,  The choices are all about balancing security with ease-of-use.
+It begins with: 
+
+  'Do you want me to update your "~/.google_authenticator" file (y/n)'
+You will need to answer 'yes'(y) for google authenticator to work with your login.
+
+Next question we also suggest answering yes to prevent a replay attack:
+
+  'Do you want to disallow multiple uses of the same authentication 
+token? This restricts you to one login about every 30s, but it 
+increases your chances to notice or even prevent 
+man-in-the-middle attacks (y/n)'
+
+For security reasons we strongly suggest answering 'no'(n) to this next question:
+
+  'By default, tokens are good for 30 seconds and in order to 
+compensate for possible time-skew between the client and the server, 
+we allow an extra token before and after the current time. If you 
+experience problems with poor time synchronization, you can increase 
+the window from its default size of 1:30min to about 4min. 
+Do you want to do so (y/n)'
+
+On the next question we suggest answering 'yes'(y) since rate-limiting means that a remote attacker can only attempt
+a certain number of guesses before being blocked.
+
+  'If the computer that you are logging into isn't hardened against 
+brute-force login attempts, you can enable rate-limiting for the 
+authentication module. By default, this limits attackers to no more 
+than 3 login attempts every 30s. 
+Do you want to enable rate-limiting (y/n)'
+
+Now your configured.  Your next login you can login without an SSH key.   Make sure you know your account password
+because login using google-authenticator will still require your password before letting you in.
+
+
+
+