With its new update, Google Authenticator finally allows you to synchronize your verification codes between different devices via the cloud. What to avoid losing all access to its accounts in case of loss or theft of the smartphone!
To deal with increasingly present cybercrime, double authentication (2FA) appears to be the best protection that an Internet user can have for his various accounts. This is why applications like Google Authenticator or Microsoft Authenticator are constantly gaining popularity. As a reminder, they generate single-use codes (OTP) that the user must insert after entering their identifiers to access their accounts. It’s an extra layer of security to prevent someone from logging on without their knowledge.
Google Authenticator is one of the most popular applications in this field. However, since its release in 2010, it has suffered from a major flaw, which is that it can only be configured on a single device, which poses a problem when the user changes it, since he then has to reconfigure everything. In addition, by storing the verification codes locally, the application no longer offers any protection if the smartphone is lost or stolen… This time is now over since, as announced by Google on his blog, the new version of Authenticator allows the synchronization of one-time passwords between different devices connected to the same Google account, which greatly facilitates the configuration of the application when switching to a new device. A small revolution for the password manager, which will have taken years to arrive – other solutions like Authy have been offering the function for a long time – and is accompanied for the occasion by a change of logo.
Google Authenticator synchronization: codes stored in the cloud
When the user lost or had their smartphone stolen, they lost all the one-time codes stored on it, which deprived them of their ability to connect to all the services for which they had configured 2FA using ‘Authenticator. “Because unique codes in Authenticator were only stored on one device, the loss of that device meant that users lost their ability to log into any service on which they had set up two-factor authentication. ‘app help’explains Christiaan Brand, product manager at Google. “With this update, we’re rolling out a solution to this issue, making unique codes more durable by storing them securely in users’ Google Accounts.”
Now, when setting up a new phone and signing in to its Google account, the Google Authenticator app is operational without requiring any specific setup procedure. To activate synchronization, simply update the application on Android (v6.0) or iOS (v4.0) making sure you have your Google account connected. AT the first opening of the new version of the application, it will offer the user to save his codes in the cloud, which will allow him to find them in any device where he is connected to his Google account. Inevitably, it is a little less secure than local encryption only, which could encourage malicious people to specifically target Google accounts, but remember that this is an optional option. Google reaffirms its desire to continue to optimize its two-factor application, even as the company aspires to a passwordless future, which it is trying to achieve with the development of passkeys (see our article).