If you’re a Google Authenticator user, something the company has been encouraging for years, you belong to one of its two large user groups. On the one hand there are those who, for whatever reason, have lost access to the app on the device where they were using it, and on the other there are those who fear that this could happen at some point. Obviously the first group has come off worst, but as a member of the second group I can guarantee that it is a bit hard every time one stops to think about the potential consequences of losing the phone, of it suddenly ceasing to work, of it being stolen…
Two-factor authentication (2FA) has become, with the passage of time and the proliferation of cybercrime, a very real need. Many users prefer the password+SMS modality, but the truth is that SMS has been shown to be the most insecure way to obtain the one-time keys typical of these systems. Services like Google Authenticator, Authy and the like, however, do offer a more than adequate level of security.
Some online services offer, for the case in which access to the app that generates the access codes is lost, a series of one-time keys that we can use to regain access. However, downloading and safekeeping these special keys also poses a security problem, which is why many users end up ruling out this option and do not download them. Which brings us back, once access to the app is lost, to square one.
The search engine company claims to have been aware of this for a long time and, consequently, as we can read on the company’s security blog, Google Authenticator now supports cloud synchronization with the Google account. This function is already available globally and, to start using it, it is only necessary to download the latest app update, open it and sign in with our Google account for synchronization to take place.
From that moment on, if we install the app on another device, we will only have to log in with the Google account and we will immediately recover the generation of the single-use keys for the services that we already had configured on the other device. In addition, thanks to cloud synchronization, whenever we add a service from any device it will immediately become available on the others.
This, of course, gives us the security of knowing that we can recover our accesses, but it also means that we must be even more careful about protecting access to our Google account; otherwise, we could be handing any potential attacker access to the very accounts we intended to protect with this system. And, in case you are wondering, yes: activating Google Authenticator cloud synchronization is, at least for now, completely optional. Which brings us back to square one after the loss of access… how difficult it is to find a 100% reliable solution, right?