
Google Authenticator finally adds synchronisation with the cloud ☁️
Cliquez ici pour lire en français
Google Authenticator is one of the most popular authentication applications on the market. However, until now, it has lacked one important feature: synchronisation with the cloud.
No more configuration headaches if you lose your smartphone 🥳
If you don’t know what Google Authenticator is, it is an application that randomly generates one-time passwords. In practical terms, if you enable what is known as 2-factor authentication (or double authentication) on Facebook, for example, you will have to enter a random password generated by an application such as Google Authenticator, in addition to your Facebook password. This method has become the norm on Twitter, as explained in a previous article which you can read by clicking here.
Although very convenient, Google Authenticator had one major flaw. When you enabled dual authentication on an account, you had to link your account to the Google Authenticator app, and the codes generated were only available on your smartphone. If you lost your phone, you would also lose the ability to sign in, and you would have to reconfigure everything. This flaw was reported by users and Google has finally taken their feedback into account.
One major piece of feedback we’ve heard from users over the years was the complexity in dealing with lost or stolen devices that had Google Authenticator installed. Since one time codes in Authenticator were only stored on a single device, a loss of that device meant that users lost their ability to sign in to any service on which they’d set up 2FA using Authenticator.
With this update we’re rolling out a solution to this problem, making one time codes more durable by storing them safely in users’ Google Account.
With the update of the application, it will now be possible to synchronise your one-time passwords with your Google account. Google is taking advantage of the update to unveil a new, more colourful logo in the company’s colours.
An update that can create security holes ? ⚠️
However, this update is not without risk. With one-time codes stored in the Google cloud, users’ accounts are even more likely to be targeted for attack. If one Google account is hacked, attackers could gain access to several other accounts. That’s why Google has made this sync optional, as reported by The Verge. Let’s hope that a future update will give the user the choice to allow access from multiple devices or not, as is already the case with the Authy application.
In summary, this update to Google Authenticator is an important step forward, but it does carry security risks. Users should be aware of these risks and decide whether they want to sync their one-time codes with their Google account.
Have you implemented two-factor authentication on your accounts? If so, what do you think of this new feature? If not, why haven’t you taken the plunge yet? Tell us in the comments.