Google adds account synchronisation to its 2FA authenticator app

The update aims to help users recover their credentials if a device is lost or stolen.

This week Google announced an important update to Google Authenticator, its multi-factor authentication app. The update is in response to user feedback that identified a need to help users avoid losing access to their login credentials.

Google Authenticator is a way to enable two-factor authentication for users to help protect their Google accounts. The app also works with many third-party services.

The authenticator app works by generating a set of one-time login codes (also known as one-time passwords or OTPs) valid for connecting to a specific application. In order to log into the application, the user needs to enter his or her username and password but also a newly generated OTP. This process, known as two-factor authentication, or 2FA, helps reduce the risk of account breaches by adding a time sensitive second credential.

Protecting users from “lockout”

Christiaan Brand, Google Group Product Manager for Identity & Security, detailed the new release in a blog post. “We released Google Authenticator in 2010 as a free and easy way for sites to add ‘something you have’ two-factor authentication (2FA) that bolsters user security when signing in”, he explains.

Brand then describes the reasoning behind the new addition. “One major piece of feedback we’ve heard from users over the years was the complexity in dealing with lost or stolen devices that had Google Authenticator installed”, he says. “Since one time codes in Authenticator were only stored on a single device, a loss of that device meant that users lost their ability to sign in to any service on which they’d set up 2FA using Authenticator”, Brand continues.

With this new update, Google Authenticator will sync OTPs to the user’s Google Account. The person can then regain access to the codes stored on a lost device simply by signing into their account. 

“This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security”, Brand says.