Google Authenticator Allows Backups to the Cloud

To the relief of its users, Google has updated its Authenticator app to allow access across multiple devices and platforms. This update, at least in theory, will provide security-minded users a fallback in the event that their mobile device is lost, compromised, or wiped.

What Does Authenticator Do?

Google Authenticator is a mobile app designed to provide 2-factor authentication to log into accounts. 

2-factor authentication, or 2FA, was originally designed to add an extra layer of security to the decades-old practice of using a combination of a login and a password. Despite years of headlines about the dangers of account takeovers and forms of digital identity theft, roughly 70 percent of people reuse the same password across multiple accounts. (More accurately, 70 percent of people polled admitted to reusing passwords, the real number is likely higher.)

The obvious weakness of password-based authentication led to the idea of 2FA, where logging into an account would require something you know (a password) and something you have (a device). The advent of smartphones made receiving a text message with a code the preferred method for many. 

The trouble with this approach is that smartphones could be stolen, or the phone number associated with a device could be hijacked via a form of hacking called SIM-jacking–something that can be accomplished by social engineering employees at mobile carriers or simply bribing them. If this sounds far-fetched, consider for a moment that it was successfully used to hijack former Twitter CEO Jack Dorsey’s cell number.

Google’s 2010 release of its Authenticator app provided what seemed like a good solution at the time. Rather than receiving a text that could be intercepted, a secure app would provide a continuously refreshing code that was much harder to hijack or compromise. Google is by no means alone in offering a 2FA app; Facebook parent company Meta currently offers one as well as Authy, a third-party app.

This sounds like an elegant solution until you consider for a moment what happens when you lose your phone, lose access to it, need to wipe its contents, or just accidentally drop it in the toilet. In each case, you would lose the ability to easily log into any account linked to Authenticator.

Google’s recent blog post seems to be aimed at addressing this headache:

“With this update we’re rolling out a solution to this problem, making one time codes more durable by storing them safely in users’ Google Account. This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security.”

While every new method of keeping accounts more secure has yielded a new set of logistical and practical difficulties, it seems like Google is moving in the right direction toward making an already more secure method of authentication more accessible.

Wondering how to best secure your accounts? Not sure what 2FA means or which solutions to implement? Nodal can help. Contact us today!