Google’s Authenticator app for Android and iOS, which has been around for 12 years, received a significant update on Monday that includes an account synchronization feature that enables users to back up their time-based one-time passwords (TOTPs) to the cloud.
Google’s Christiaan Brand stated, “This change means users are better protected from the lockout and that services can rely on users retaining access, increasing both convenience and security.”
The two-factor authentication (2FA) app now has a new icon, and the update finally brings it in line with Apple’s iCloud Keychain. It also addresses a long-standing complaint that the app is tied to the device on which it is installed, making it difficult to switch phones.
Even worse, users who lost access to their devices “lost their ability to sign in to any service on which they’d set up 2FA using Authenticator,” according to Google.
The cloud sync feature is optional, meaning users can choose to use the Authenticator app without linking it to a Google account.
Having said that, cloud backups have their drawbacks, and a malicious actor with access to a Google account could use it to break into other online services.
The new development comes just a few days after the Swiss privacy-focused company Proton, which last week reached 100 million active accounts, introduced Proton Pass, an encrypted password manager system.
The open-source and publicly auditable tool also includes 2FA integration, and it uses the bcrypt password hashing function and a hardened version of the Secure Remote Password (SRP) protocol for authentication.