Google Authenticator App Gets Cloud Backup Feature for TOTP Codes

Apr 25, 2023Ravie LakshmananPassword Security / Authentication

Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords (TOTPs) codes to the cloud.

“This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security,” Google’s Christiaan Brand said.

The update, which also brings a new icon to the two-factor authenticator (2FA) app, finally brings it in line with Apple’s iCloud Keychain and addresses a long-standing complaint that it’s tied to the device on which it’s installed, making it a hassle when switching between phones.

Even worse, as Google puts it, users who lose access to their devices completely “lost their ability to sign in to any service on which they’d set up 2FA using Authenticator.”

The cloud sync feature is optional, meaning users can opt to use the Authenticator app without linking it to a Google account. That said, it’s always worth keeping in mind the pitfalls associated with cloud backups, as a malicious actor with access to a Google account could leverage it to break into other online services.

The development comes days after Swiss privacy-focused company Proton, which surpassed 100 million active accounts last week, unveiled an end-to-end encrypted password manager solution called Proton Pass.


Zero Trust + Deception: Learn How to Outsmart Attackers!

Discover how Deception can detect advanced threats, stop lateral movement, and enhance your Zero Trust strategy. Join our insightful webinar!

Save My Seat!

The open source and publicly auditable tool, which makes use of the bcrypt password hashing function and a hardened version of the Secure Remote Password (SRP) protocol for authentication, also comes with 2FA integration.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Articles You May Like

All eyes on APIs: Top 3 API security risks and how to mitigate them
S3 Ep137: 16th century crypto skullduggery
OurX adds tech spin to Black hair care regimen
Critical Zero-Day Flaw Exploited in MOVEit Transfer
Over 60K Adware Apps Posing as Cracked Versions of Popular Apps Target Android Devices

Leave a Reply

Your email address will not be published. Required fields are marked *