Google Authenticator just got an update that should make it more useful for people who often use the service to sign in to apps and websites.
Starting today, Google Authenticator will sync all one-time two-factor authentication (2FA) codes it generates to users’ Google accounts. Previously, one-time Authenticator codes were stored locally on a single device, which meant that the loss of that device often meant losing the ability to log into any service that was set up with Authenticator’s 2FA.
To take advantage of the new sync feature, all you need to do is update the Authenticator app. If you’re signed in to a Google account in Google Authenticator, your codes are automatically backed up and restored on every new device you use. You can also manually transfer your codes to another device, even if you’re not signed in to a Google account, by following the steps on this support page.
Some users may be hesitant about syncing their sensitive codes to Google’s cloud, even if they come from a Google product. But Christiaan Brand, a group product manager at Google, claims it pursues convenience without sacrificing security.
“We released Google Authenticator in 2010 as a free and easy way for sites to add ‘something you have’ 2FA that bolsters user security at login,” Brand wrote in a blog post announcing today’s change . “With this update, we’re introducing a fix for this issue, making one-time codes more durable by securely storing them in users’ Google Accounts.”
Of course, Google hasn’t always maintained an abundance of transparency around the Authenticator roadmap. The app started as an open source project but later became proprietary; the official open-source forks of the Android, iOS, and BlackBerry apps haven’t been updated in years.
Fortunately, if Authenticator doesn’t float your boat, there are plenty of alternatives to 2FA. Authy is one of the most popular, but Duo is another popular pick — and, for what it’s worth, the New York Times’ top pick.