Google Authenticator App Gets Cloud Backup Feature for TOTP Codes
25.4.23 Security The Hacker News
Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords (TOTPs) to the cloud.
"This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security," Google's Christiaan Brand said.
The update, which also gives the two-factor authentication (2FA) app a new icon, finally brings it in line with Apple's iCloud Keychain and addresses a long-standing complaint that the app is tied to the device on which it's installed, making it a hassle to switch between phones.
Even worse, as Google puts it, users who lost access to their devices completely "lost their ability to sign in to any service on which they'd set up 2FA using Authenticator."
The cloud sync feature is optional, meaning users can opt to use the Authenticator app without linking it to a Google account.
That said, it's always worth keeping in mind the pitfalls associated with cloud backups, as a malicious actor with access to a Google account could leverage it to break into other online services.
The development comes days after Swiss privacy-focused company Proton, which surpassed 100 million active accounts last week, unveiled an end-to-end encrypted password manager solution called Proton Pass.
The open source and publicly auditable tool, which makes use of the bcrypt password hashing function and a hardened version of the Secure Remote Password (SRP) protocol for authentication, also comes with 2FA integration.