Date: 2023-04-25



The one-time codes that Google’s Authenticator app generates to secure your accounts no longer have to live in one place. You can now sync them to your Google Account instead.

The update, announced by Google on Monday, closes the feature gap between Authenticator and competing authentication apps that have long provided cloud sync, such as Twilio’s Authy (and many password manager services).

All of these apps keep your password from being the last line of defense for your account by generating single-use codes that expire quickly, as defined by the Time-Based One-Time Password (TOTP) standard. When you enter these numbers on a site’s login page, the site compares the code you entered with a code it generates from the shared cryptographic secret created when you enabled TOTP verification. If they match, you’re in.

Google Authenticator was one of the early mass-market TOTP apps, debuting in 2010, but for the first few years it did not support transferring saved codes from phone to phone. Google’s head of security Stephan Somogyi admitted to me in 2017 that it was “complete, complete, unmitigated pain.”

Google later added a more comfortable code transfer system. In this system, the copy of Authenticator on your old phone generates a QR code that you scan with Authenticator on your new device. That won’t work with a lost or stolen phone, however, while the new account sync feature ensures that your codes are retained unless you choose to use Authenticator without an account.


To set it up, update your Google Authenticator app. You will be asked to link your Google account. Then, for example, you can download Google Authenticator for iPad and log in with the same Google account to get codes on iPad as well as iPhone.

As a bonus, Google Authenticator’s app icon changed from a stylized gray “G” to an asterisk in Google’s brand colors of blue, red, yellow and green.

Syncing your TOTP codes to your Google account also increases the potential damage if your Google account is compromised. If you use this feature, you should lock your account with a USB security key, which is the most secure type of two-factor authentication available. Available from Yubico and other vendors for $25 and up, these keys confirm your identity based on a shared cryptographic secret. They’re also immune to phishing, as they won’t even attempt that exchange with the wrong domain name.

Passwordless authentication, in which you unlock your phone via biometrics (to confirm you’re who you say you are) while you’re near the computer (verified over Bluetooth to prove you’re really there) to confirm a login on that computer, completely eliminates the need for two-factor authentication. But while Apple, Google, and Microsoft took the unusual step of jointly endorsing the passwordless specification last spring, the industry is only beginning to support the standard.

