Google released an update for Authenticator, allowing one-time two-factor authentication (2FA) codes to go straight to the cloud. This update should be helpful for those who prefer Google Authenticator to sign in to their multiple app accounts and websites. It will also prevent instances where users are locked out of their accounts when they lost their devices.
Google Authenticator to Allow Backing Up of Sensitive Codes in Users' Google Account
As reported by Engadget, Google Authenticator was recently updated for Android and iOS. The said update should enable backing up the one-time codes to the user's Google account. There is no need to repeat the authorization process for the linked apps when a new device is used. Scanning a QR code to permit access to the user's account will no longer be required as well.
Those who want to use Google Authenticator's updated feature should have the latest app version installed on their devices. Users can simply follow the prompts to sign in and turn the sync on. It is also important that before enabling the feature, users must ensure that their accounts are secured to prevent fraudulent entities from taking advantage of the feature.
Despite the latest Authenticator update, Google still supports password-free access to users' accounts using features like passkeys. According to the search engine giant's latest blog post regarding Authenticator, Google is aware that many users are still relying on one-time codes. Hence, the latest update should avoid confusion from accessing 2FA codes.
The company is also giving users a chance to consider alternative authentication methods, particularly two-factor authentication if they feel that using one-time codes is no longer convenient. Some people are wary of 2FA codes since their devices can get stolen and the sensitive codes can be accessed by bad actors. In the previous system for 2FA codes, Google Authenticator generated codes that were stored locally on a single device.
Using Cloud to Backup One-Time Passcodes Not a First Time in Tech Companies Like Google
Google product Christan Brand appeased the public's concern about syncing 2FA codes with the cloud, promising Google's "pursuit of convenience without sacrificing security."
"We released Google Authenticator in 2010 as a free and easy way for sites to add 'something you have' 2FA that bolsters user security when signing in," Brand stated in the blog post. "With this update we're rolling out a solution to this problem, making one time codes more durable by storing them safely in users' Google Account."
While the Google Authenticator update is a convenient solution for users having an issue with accessing their accounts, other companies already made a similar adjustment. Microsoft Authenticator, for example, also used the cloud to store passwords. However, Google adapting the same system is a big deal considering the number of people using Authenticator to sign in to their accounts.
Over the past few years, Google has not always been transparent when it comes to this service. This feature started as an open-source project that later on became proprietary. To note, the open-source authenticators for Android, iOS and BlackBerry apps have not received any updates for many years.