
Search giant Google on Monday rolled out a major update to its 12-year-old Authenticator app for Android and iOS with an account sync option that lets users back up their time-based one-time passwords (TOTPs) in the cloud.
“This change means users are better protected from blocking and services can trust users to retain access, increasing both convenience and security,” said Google’s Christiaan Brand.
The update, which also brings a new icon to the two-factor authentication (2FA) app, finally aligns it with Apple’s iCloud Keychain and addresses a long-standing complaint that it’s tied to the device it’s installed on, making it a hassle when switching from one phone to another.
Even worse, as Google says, users who lose access to their devices completely “lost their ability to sign in to any service where they had set up 2FA using Authenticator.”
The cloud sync feature is optional, meaning users can choose to use the Authenticator app without linking it to a Google Account.
That said, it’s always worth considering the downsides associated with cloud backups, as a malicious actor with access to a Google account could use it to break into other online services.
The development comes days after Swiss privacy-focused company Proton, which surpassed 100 million active accounts last week, unveiled an end-to-end encrypted password management solution called Proton Pass.
The publicly auditable, open source tool, which makes use of the bcrypt password hash function and a hardened version of the Secure Remote Password (SRP) protocol for authentication, also includes 2FA integration.
Google has recently added a much-requested feature to their popular Authenticator App – cloud backup for time-based one-time passcodes (TOTP). The new cloud-based backup feature allows users of the Authenticator App to store their codes on a secure cloud server in the event of loss or theft of their phone, which is often connected to their Google accounts and other services.
With the introduction of cloud backup, users of the Google Authenticator App will now be able to protect their two-factor authentication codes in the event of losing their device, which can otherwise be incredibly disruptive and prone to security issues. Now, with just a few simple steps, users can ensure their accounts remain secure without worrying about the loss of their smartphone.
Although the new cloud backup feature may help users out of a sticky situation, there is no denying that an extra layer of security is always recommended. For example, at Ikaroa, our security experts recommend using an authenticator app with two-factor authentication plus a physical security key, such as a YubiKey, whenever possible.
Thanks to the latest update of the Google Authenticator App, users can now enable the cloud-based feature to store their one-time passcodes. For additional assurance, all backed-up codes are scoped, meaning that even if their account does become compromised, the codes are unreadable and useless to any imposters.
The new cloud backup feature should be a welcome addition to the Google Authenticator App, as it provides an extra layer of security for users who are increasingly reliant on two-factor authentication services. At Ikaroa, we believe that the addition of cloud backup gives users the confidence to turn on two-factor authentication and protect their accounts.