Google Authenticator now backs up your 2FA codes to the cloud


The Google Authenticator app has received a critical update for Android and iOS that allows users to back up their two-factor authentication one-time passwords (OTPs) to their Google Accounts and have multi-device support.

Two-factor authentication (2FA) adds a second layer of security to your online accounts, making it more difficult for attackers to hack them. Accounts configured with 2FA will require users to enter a one-time passcode before logging into an account, which is sent via SMS texts, emails, or generated by an authenticator app.

Google Authenticator is an immensely popular authentication app with over 100 million installs that lets users generate these one-time passwords for 2FA verification.

Using an authentication app is a safer alternative to SMS and email-based 2FA because those can be compromised by hackers or ported by SIM swap actors, making it easier to bypass 2FA verification and hijack accounts.

Google Authenticator gets cloud backup

While Google Authenticator is immensely popular, one of the biggest critiques has been the inability to back up one-time 2FA codes and the lack of multi-device support.

Without this feature, if you lost your mobile devices where Google Authenticator was installed, you would also lose all of your 2FA configurations, making it very time-consuming and difficult to regain access to your accounts. Furthermore, without a cloud backup, you could not add your 2FA codes to multiple devices.

“One major piece of feedback we’ve heard from users over the years was the complexity in dealing with lost or stolen devices that had Google Authenticator installed,” explains Google in the announcement.

“Since one-time codes in Authenticator were only stored on a single device, a loss of that device meant that users lost their ability to sign in to any service on which they’d set up 2FA using Authenticator.”

With yesterday’s Google Authenticator update, users will be prompted to log in to their Google account when they open the new version of the app and synchronize their 2FA codes with their Google account.

New promt on Google Authenticator for iOS
New prompt on Google Authenticator for iOS (BleepingComputer)

Google has set a requirement that 2-step verification must be activated on the Google Account for cloud backups to work, as it reduces the likelihood of unauthorized access.

The new Authenticator app update is currently available on the Apple iOS store but appears to be gradually rolling out to Android users. Therefore, be patient if you do not see the Google Authenticator version 6.0 available for Android yet, which includes the new features.

For more details about performing OTP backups, account synchronization, and migration, check out Google’s step-by-step instructions.



Source link