Ever since it came out, Google Authenticator has been a popular choice for generating two-factor authentication codes on the fly. The service is reliable and secure, but has always had one glaring issue: the inability to sync authentication codes between devices, leaving you at risk of losing access to all of your 2FA accounts.
You could transfer these codes, but the process was long, tedious, and often unreliable. The biggest risk came if your phone was ever stolen, or you gave it away before transferring authenticator apps. You’d better hope you had all those backup codes stored somewhere securely to go through the process of setting up the whole system again. That’s tedious if you have dozens (or hundreds) of protected accounts, and downright disastrous if you don’t have backup codes.
This issue was the primary reason why Google Authenticator never made it to the top of our best 2FA apps list. But now, Google has taken the first step in the right direction by enabling account syncing for all codes, by default.
How Google Authenticator’s account syncing works
Once you update the Authenticator app on Android or iOS, you’ll find a brand-new app icon, and a green cloud image in the top-right corner. This tells you that account sync is enabled, and you can finally add as many 2FA codes as you want to Authenticator without worrying about losing access. (However, we still recommend you store the backup codes in a secure password manager like Bitwarden.)
This change is, of course, great for convenience, but it is a trade-off for security. If someone does manage to get into your Google account, they now have access to all your OTPs. Google knows this, and they are making this feature optional. If you want to keep the accounts local to the device, you can tap the Profile icon and choose “Use Authenticator without an account.”
There is some work Google can do in this area. They can learn from the Authy app, one of the OGs of 2FA apps. Authy offers account syncing, but requires a unique password for restoring 2FA accounts, and has a toggle for removing other devices from the sync.
All things said and done, Authenticator just became a great alternative for Android users. If you’re in the Apple ecosystem, you can use iCloud Keychain to store and sync 2FA codes as well.
[Mashable]