Google Authenticator Now Syncs Your One-Time Codes Across Devices

pcmag.com:

The one-time codes that Google’s Authenticator app generates to secure your accounts no longer have to live in one place. Instead, they can sync to your Google account.

This update announced Monday(Opens in a new window) by Google closes a feature gap between Authenticator and such competing authenticator apps as Twilio's Authy (as well as many password-manager services) that have long provided cloud synchronization.

All of these apps stop a password from being the last line of defense for an account by generating quickly expiring, single-use codes as defined in the Time-Based One-Time Password (TOTP) standard(Opens in a new window). When you type in these numbers on a site's login page, the site compares the code you typed with one it just generated based on a shared cryptographic formula created when you enabled TOTP verification. If they match, you’re in.

Google Authenticator was among the earliest mass-market TOTP apps, having debuted in 2010(Opens in a new window), but for its first few years it did not support phone-to-phone transfer of saved codes. You had to set them up anew for each account on a new device, a chore that Google security chief Stephan Somogyi admitted to me in 2017 was "a complete, total and unmitigated pain(Opens in a new window)."

Google later added a more pleasant code-transfer system(Opens in a new window) in which the copy of Authenticator on your old phone generates a QR code(Opens in a new window) that you scan with Authenticator on your new device. But that doesn’t work with a lost or stolen phone, while the new account-synchronization feature ensures your codes stay with you, unless you opt to use Authenticator without an account.

To set it up, update the Google Authenticator app and