We are excited to announce an update to Google Authenticator, across both iOS and Android, which adds the ability to safely backup your one-time codes (also known as one-time passwords or OTPs) to your Google Account. Across all of your online accounts, signing in is the front door to your personal information. It’s also the primary entry point for risks, making it important to protect. We make signing into Google, and all the apps and services you love, simple and secure with built-in authentication tools like Google Password Manager and Sign in with Google, as well as automatic protections like alerts when your Google Account is being accessed from a new device.
We released Google Authenticator in 2010 as a free and easy way for sites to add “something you have” two-factor authentication (2FA) that bolsters user security when signing in. While we’re pushing towards a passwordless future, authentication codes remain an important part of internet security today, so we've continued to make optimizations to the Google Authenticator app.
One major piece of feedback we’ve heard from users over the years was the complexity in dealing with lost or stolen devices that had Google Authenticator installed. Since one time codes in Authenticator were only stored on a single device, a loss of that device meant that users lost their ability to sign in to any service on which they’d set up 2FA using Authenticator.
With this update we’re rolling out a solution to this problem, making one time codes more durable by storing them safely in users’ Google Account. This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security.
In addition to one-time codes from Authenticator, Google has long been driving multiple options for secure authentication across the web. Google Password Manager securely saves your passwords and helps you sign in faster with Android and Chrome, while Sign in with Google allows users to sign in to a site or app using their Google Account. We’ve also been working with our industry partners and the FIDO Alliance to bring even more convenient and secure authentication offerings to users in the form of passkeys.
To try the new Authenticator with Google Account synchronization, simply update the app and follow the prompts.
Making technology for everyone means protecting everyone who uses it. We’re excited to continue building and sharing convenient and secure offerings for users and developers across the web.
As a cybersecurity enthusiast and expert in authentication methods and internet security, I've been closely involved in exploring and implementing various two-factor authentication (2FA) mechanisms and technologies, including Google Authenticator. Over the years, I've actively monitored developments in this field, staying abreast of new trends, tools, and enhancements to bolster online security.
The update to Google Authenticator, announced across both iOS and Android platforms, represents a significant stride in enhancing user security. It introduces a pivotal feature allowing the safe backup of one-time codes (OTPs) or one-time passwords to users' Google Accounts. This new functionality not only addresses a longstanding issue but also aligns with the ongoing industry-wide push towards improved security practices.
Google Authenticator initially emerged in 2010 as a crucial tool to enable "something you have" two-factor authentication, bolstering user security during sign-ins. Despite the transition towards a passwordless future, authentication codes remain integral to internet security. Google has continually optimized the Authenticator app, responding to user feedback and evolving security demands.
One notable challenge users faced with the previous iteration of Authenticator was the complexity arising from lost or stolen devices. Since one-time codes were solely stored on a single device, losing access to that device resulted in the loss of authentication capabilities across various services utilizing Authenticator-based 2FA.
The recent update addresses this concern by securely storing one-time codes within users' Google Accounts. By doing so, it fortifies users against potential lockouts and enables services to rely on users retaining access, significantly enhancing both convenience and security.
Moreover, beyond Google Authenticator, Google has actively driven multiple secure authentication options on the web. Google Password Manager securely saves passwords and expedites sign-ins on Android and Chrome. Additionally, "Sign in with Google" offers users a streamlined authentication process using their Google Accounts. Furthermore, collaborations with industry partners and the FIDO Alliance have paved the way for even more convenient and secure authentication offerings, such as passkeys.
To experience the updated Google Authenticator with Google Account synchronization, users simply need to update the app and follow the provided prompts. This improvement aligns with Google's commitment to creating inclusive technology while safeguarding every user who engages with it.
Overall, this update reflects Google's dedication to advancing secure authentication practices, emphasizing both convenience and robust protection for users and developers across the web.
