I used to recommend and use Google Authenticator for my 2SV (two-step verification) needs. But over the years, it was superseded by more advanced apps that do more and which make the security offered by 2SV more convenient. I no longer use Google Authenticator, but for those who do still use it, Google has added what it claims is “one of the most anticipated features.”
So, what is this feature?
It’s the ability to migrate 2SV secrets to other devices that have Google Authenticator installed.
Must read: Still using Google Authenticator? Here’s why you should get rid of it today
The process is simple and doesn’t send any data to Google servers to make the transfer — communication is directly between the two devices and involves scanning a QR code generated by Google Authenticator.
Google has also implemented a variety of alerting mechanisms and in-app logs to make sure users are aware when the transfer function has been used in Google Authenticator, making it harder for someone to make a transfer surreptitiously.
Google has begun to roll out this feature, starting with the 5.10 release of Google Authenticator for Android. iOS users will have to wait for this feature.
It’s a good start, but it feels like too little, too late. Pretty much every decent password manager comes with its own authenticator tool built in, as well as excellent third-party services such as Authy. Google Authenticator has a long way to go before it catches up with these.