Google Authenticator is adding a long-requested feature: you can now sync your two-factor authentication codes to your Google account. So when you set up a new phone and log in to your account, Authenticator is ready to go with no need for its own setup process. This also means that if your phone is lost or stolen, it will be less nerve-wracking to get back into your accounts from another device.
Cloud sync has become relatively common with other two-factor tools like Authy, but Google really dragged its feet in bringing it to Authenticator, which launched way back in 2010.
“A key feedback we’ve heard from users over the years has been the complexity of dealing with lost or stolen devices with Google Authenticator installed,” Google’s Christiaan Brand wrote in a blog post. “Since one-time codes in Authenticator were only stored on one device, the loss of that device meant that users were no longer able to log into any service they had set up 2FA with Authenticator on.”
“With this update, we’re introducing a fix for this issue, making one-time codes more durable by securely storing them in users’ Google Accounts,” Brand wrote. “This change means users are better protected against lockout and services can rely on users to maintain access, increasing both convenience and security.”
To enable cloud sync for two-factor codes, you’ll need to update to the latest version of the Authenticator app for Android and iOS. Google has a support page that elaborates on the feature, confirming that “if you’re signed in to your Google account within Google Authenticator, your codes will be automatically backed up and restored on any new device you use.”
That noise you’re hearing is IT support workers everywhere breathing a huge sigh of relief. This was a much-needed step to make one-time codes more user-friendly. Authenticator and other similar apps are a much more secure option than relying on SMS codes. Did you know iOS can now do this natively? Not everyone is aware. The more friction you can eliminate, the more acceptance there will be.
The convenience of cloud synchronization may come with additional risks
But cloud synchronization of one-time passcodes could potentially make targeting Google accounts even more attractive to malicious actors. If an attacker can break into a Google account, they can gain access to a large number of sensitive accounts. Google spokesperson Kimberly Samra confirmed that account syncing is completely optional. But if you enable it, don’t expect additional security measures beyond Google’s standard measures. To keep out uninvited guests, Authy has both a unique password for restoring two-factor backups and a toggle to allow (or prevent) multiple devices from being used with an account.
With this update, the Authenticator app also switches to a new logo, replacing the boring vault look with an asterisk in Google’s colors. “As we move towards a passwordless future, authentication codes remain an important part of internet security today, so we’ve continued to optimize the Google Authenticator app,” wrote Brand.
Update April 24, 4:00 PM ET: The article has been updated with confirmation from a Google spokesperson that account synchronization is optional.