Google Authenticator introduces two-factor access code synchronization to the cloud

In context: Google says it's actively getting ready for a "passwordless future," while authentication codes and passwords are still an important part of internet security today. Thanks to the latest optimizations the company brought to its Authenticator app, such codes are now simpler and more practical to use.

Answering to "one major piece of feedback" that came from users over the years, Google has added a synchronization feature to its two-factor authentication app for Android and iOS. The latest version of Google Authenticator can backup one-time access codes (OTP) in the Google Account cloud storage, making managing and using said codes across different devices and services easier.

Google released the Authenticator app in 2010 as a free and easy way for websites to add 2FA security features to user logins, but the OTP codes have always been stored on the single devices that the app was installed on. If said device was stolen or lost, users lost their ability to sign it to any service configured to use Authenticator's 2FA feature.

The updated app provides a solution to this long-standing problem, Google said, making OTP codes "more durable" thanks to the fact that they are now stored in the cloud with a Google Account. Mountain View said that users are now better protected from potential lockouts, while 2FA-compatible services can rely on users retaining access for increased convenience and security.

The OTP synchronization option is available only with the latest version of the Authenticator app, and Google provides an extensive support page explaining everything users need to know to use the tool. One-time passwords and authentication codes provide a more robust approach to login security compared to "old-gen" features such as SMS-based codes; on mobile, Apple's iOS supports the feature natively.

Syncing OTP codes to the cloud makes 2FA easier, but it can also bring additional security risks to high-profile or heavily cloud-reliant users. Tying all passwords and security codes to a single cloud (Google) account makes said account a more interesting target for attackers and cyber-criminals, who will just need to breach a single service to completely "own" a target's digital life.

Users choosing to sync their OTP codes to Google Accounts aren't provided with additional security measures beyond the ones already available right now. For this reason, Google confirmed that OTP synchronization is completely optional. For users signed into their Google Account within Google Authenticator, codes are automatically backed up and restored on any device they use.