Google Authenticator Gets Cloud Backup

Last updated on April 19th, 2024 at 02:38 am

Google Authenticator on an Android phone displaying three 2FA codes for two Twitter accounts and a Reddit account. The phone is resting on a red laptop.
The Google Authenticator app installed on my phone. Image credit: Rebecca Lea Morris

Google Authenticator is perhaps the best-known authenticator, a type of app that generates 2FA codes. But it lacked a crucial feature that many of its competitors, like Authy, have had for a long time: cloud backups.

The latest update to Google Authenticator, announced in a blog post by Google’s Christiaan Brand, changes that. In the newest version, users will be able to back up their 2FA codes to their Google accounts. This means that if a user loses or breaks their phone, they’ll be able to restore their 2FA codes from their Google account and get up and running again quickly.

An AI generated image of a man holding out his phone underneath a cloud, with white strings connecting the phone and the cloud.
Image generated using Midjourney. Prompt: A person holding out their phone underneath a cloud with strings linking the phone and the cloud, digital art style

Google Authenticator could be backed up manually prior to the latest update by making use of the app’s “Export accounts” feature. However, the process was somewhat complicated and, as it had to be repeated anytime a new account was added to the app, was not exactly convenient.

As a result, many users didn’t make a manual backup. If they then lost or broke their phone, they’d find themselves without access to their 2FA codes and unable to log in to their accounts. 

The new update should make that unpleasant scenario far less common. As Brand put it in his blog post, “This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security.”

But not everyone is comfortable backing up their 2FA codes to the cloud. Fortunately, as reported by The Verge, making use of the new cloud backup feature is entirely optional.

Update April 26th: The security researcher duo known as Mysk warned on Twitter that Google does not end-to-end encrypt 2FA data when it gets synced to a user’s Google account. This means that Google, and anyone else who gains access to your Google account, can see your 2FA codes if you enable cloud backup. Hopefully, Google will change how the backup option works to make it more secure.
