The new Google Authenticator update allows syncing 2FA codes to the cloud, which can pose a security risk because a cybercriminal could easily access them. For this reason, we recommend reverting to the previous, local-only behavior to protect your Google account.
A few days ago Google Authenticator received a new update that allows you to sync 2FA codes to your Google account. This means that the app can work both offline and in the cloud, but this poses a security risk.
Having two-factor authentication codes synced in the cloud can be dangerous, as a cybercriminal can easily gain access to them. A key feature of the previous version of the application was that it worked only locally, which seemed logical.
Now, however, Google Authenticator introduces cloud sync. This means that the encrypted unique codes are saved in your account. This way, if you lose your phone, you can restore these codes on your new smartphone just by signing in to Google.
It should be noted that maintaining 2-Step Verification in this manner is a major security risk. Any hacker who manages to compromise your account will be able to get hold of your codes and, therefore, access your Google account from another device.
Effective method to use the new Google Authenticator without cloud sync
There is no doubt that the Google Authenticator app is a great tool for maintaining two-step verification when signing in on new devices. But honestly, cloud sync is a risk; for this reason we recommend you disable it and use the codes locally.
If you do not want your Google account to be compromised, you can deactivate cloud synchronization and leave the 2FA codes local, that is, only on the mobile you are going to use.
- The first thing you need to do is open the new Google Authenticator app, which must be updated to the latest version.
- Now, click on your profile picture.
- Then you will see a window with several options on the screen. At this point, select “Use without an account” and then “Continue”.
In this way, the 2FA codes will only work on the mobile and without an Internet connection. However, you can always revert the feature and sync the codes to the cloud by following the procedure above.
Google’s unique encrypted codes are a tool that allows you to protect not only your Google account, but also other services such as Twitter, Facebook and PayPal, among others.
It is an additional layer of authentication, which means that in addition to entering the password, you will have to provide an additional security code to confirm your identity.
With this security measure, if someone gets your Gmail password, they won’t be able to access your account without the 2FA code. Of course, this code can only be obtained in the Google Authenticator application.