Authenticator

Google has released the first update for Google Authenticator in years and it comes with the long-awaited feature of being able to move 2FA accounts between devices.

When securing online accounts, many sites offer a feature called 2-factor authentication (2FA), or as 2-step verification (2SV), which requires a user to scan a unique QR code on an authentication app.

Once an account is created on the authentication app, it will allow you to generate tokens that are only valid for a short period of time and need to be entered into a site before logging in.

Some authentication apps, such as Authy or Microsoft Authenticator let you register multiple devices or login into an account so that all of the imported 2FA/2SV accounts are synchronized between the devices.

Google Authenticator, though, did not offer this ability, and if you switched to a new device, you would need to go to every site, disable 2FA, reenable it, and then import the 2FA QR code onto the new device.

If you use 2FA on many sites, this is a huge chore and is the main reason I stopped using Google Authenticator and moved to a different authenticator.

Google Authenticator now lets you move accounts to new devices

In its first update since 2017, Google has released Google Authenticator 5.10, which now includes the ability to import and export 2FA/2SV accounts between devices.

"Today is World Password Day, and we found it fitting to release an update that'll make it even easier for users to manage Google Authenticator 2-Step Verification (2SV) codes across multiple devices. We are introducing one of the most anticipated features - allowing users to transfer their 2SV secrets, the data used to generate 2SV codes across devices that have Google Authenticator installed. For instance, when upgrading from an old phone to a new phone. This feature has started rolling out and is available in the latest version (5.10) of Google Authenticator on Android," Google announced in a new blog post.

Using this new feature, Google Authenticator users can select the 2SV accounts they wish to export on one device, and a QR code will be generated.  The user can then scan this QR code with Google Authenticator on a new device to import the 2SV accounts.

A demonstration of this import/export process can be seen below.

Demonstrating new import and export functionality
Demonstrating new import and export functionality

I prefer Google's method of moving 2SV accounts compared to Authy's and Microsoft Authenticator's, which synchronize your accounts through their servers.

While these accounts may be encrypted and stored securely, I find it more reassuring knowing that my Google Authenticator 2SV accounts are only stored on my mobile devices and not elsewhere.

While this new feature in Google Authenticator is terrific news, the bad news is that it is only available on the Android version of the app.

For iPhone users, you are still stuck on the same version released in 2018, and Google has not stated if an updated version will be released.

BleepingComputer has contacted Google to see if they have plans on releasing an iOS version but had not heard back.

Related Articles:

Hackers abused API to verify millions of Authy MFA phone numbers

Google Pixel 6 series phones bricked after factory reset

Rafel RAT targets outdated Android phones in ransomware attacks

Snowblind malware abuses Android security feature to bypass security

New Medusa malware variants target Android users in seven countries