Google Authenticator can now sync 2FA codes to the cloud
Google Authenticator just got an update that should make it more useful for people who frequently use the service to sign in to apps and websites.
As of today, Google Authenticator will now sync any one-time two-factor authentication (2FA) codes that it generates to users’ Google Accounts. Previously, one-time Authenticator codes were stored locally, on a single device, meaning losing that device often meant losing the ability to sign in to any service set up with Authenticator’s 2FA.
To take advantage of the new sync feature, simply update the Authenticator app. If you’re signed in to a Google Account within Google Authenticator, your codes will automatically be backed up and restored on any new device you use. You can also manually transfer your codes to another device even if you’re not signed in to a Google Account by following the steps on this support page.
Some users might be wary of syncing their sensitive codes with Google’s cloud — even if they did originate from a Google product. But Christiaan Brand, a group product manager at Google, asserts it’s in the pursuit of convenience without sacrificing security.
“We released Google Authenticator in 2010 as a free and easy way for sites to add ‘something you have’ 2FA that bolsters user security when signing in,” Brand wrote in the blog post announcing today’s change. “With this update we’re rolling out a solution to this problem, making one time codes more durable by storing them safely in users’ Google Account.”
Of course, Google hasn’t always maintained an abundance of transparency around Authenticator’s roadmap. The app began as an open source project, but later became proprietary; the official open source forks of the Android, iOS and BlackBerry apps haven’t been updated in years.
Fortunately, if Authenticator doesn’t float your boat, there are loads of alternatives for 2FA. Authy is among the most popular, but Duo is another popular choice — and, for what it’s worth, The New York Times’ top pick.