Multi-factor authentication is one of the most secure ways to protect online accounts. And Google Authenticator is one of the major multi-factor authenticators around.
While Google Authenticator has long come in handy, the one-time codes that the app generates have long lived inside the app itself and no where else. But this time, with an update, the codes can be synced to users' Google Account.
What this means, whenever users set up a new phone and log in to their Google Account, Google Authenticator should be ready to go without requiring users to set it up.
But more importantly, this also means that if ever users lose their phone, or when it's stolen, getting back into their Google Accounts from another device should be a lot easier, and a lot less nerve-racking.
This is because in the past, saved entries are tied to users' phone’s hardware. What this means, if ever users lose their phone, they also lose their codes. This is an enormous inconvenience, as a lost phone could mean a permanent lockout of apps users use every day.
In order to tie Google Authenticator with users' Google Accounts, the app finally supports cloud syncing.
Other multi-factor authentications have cloud syncing, but Google really dragged its feet in bringing it to Authenticator, which launched all the way back in 2010, until this time.
According to Google’s Christiaan Brand wrote in a blog post:
"Since one time codes in Authenticator were only stored on a single device, a loss of that device meant that users lost their ability to sign in to any service on which they’d set up 2FA using Authenticator."
"With this update we’re rolling out a solution to this problem, making one time codes more durable by storing them safely in users’ Google account."
"This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security."
By allowing Google Authenticator to store codes inside the cloud, and link them to users' Google Accounts, according to Google, "this change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security."
"Making technology for everyone means protecting everyone who uses it. We’re excited to continue building and sharing convenient and secure offerings for users and developers across the web."
To use this Google Authenticator with Google Account synchronization, users only need to update the app on either Android or iOS, and follow the prompts.
Google also has a support page that goes into more detail on the feature, confirming that "if you’re signed into your Google Account within Google Authenticator, your codes will automatically be backed up and restored on any new device you use."
This feature comes with a new logo, because Google Authenticator has ditched the vault-looking looks of the Google 'G' logo with an asterisk in Google’s colors.
"While we’re pushing towards a passwordless future, authentication codes remain an important part of internet security today, so we’ve continued to make optimizations to the Google Authenticator app," Brand wrote.
Good things come to those who wait. New and improved @Google Authenticator. (Feels like an appropriate start to @RSAConference week). https://t.co/AaBqP3B2Gh pic.twitter.com/06UW784exX
— Christiaan Brand (@christiaanbrand) April 24, 2023
The convenience of cloud syncing however, comes with some potential risks.
For example, the cloud syncing of one-time passcodes could potentially make targeting Google Accounts even more tempting for malicious actors. And if ever malicious actors break into users' account, they could gain access to a number of sensitive accounts.
Fortunately, Google spokesperson Kimberly Samra confirmed that the Google Authenticator and Google Account syncing is optional.
In addition to one-time codes from Authenticator, Google has long been driving multiple options for secure authentication across the web.
In the blog post, Christiaan Brand added that Google Password Manager has long been securing users' passwords, and helps users sign in faster with Android and Chrome.
Whenever users are logged in into their Google Accounts, Google can allow users to log in to a website or app using their Google Account.
"We’ve also been working with our industry partners and the FIDO Alliance to bring even more convenient and secure authentication offerings to users in the form of passkeys," Brand said.