If you’re serious about protecting your online accounts, you’re surely using some type of authentication app. Please don’t tell me you’re using SMS for that! I use Google Authenticator in a limited fashion because it’s a little more limited than my preferred choice, Authy. Today sync comes to Google Authenticator, bringing it to closer to other options. Sadly, Chromebooks are still second-class citizens when it comes to Google’s authentication solution.
The good news for Google Authenticator
Google’s Security Blog introduced the new synchronization feature today. Until today, one time passwords stored in Google Authenticator were stored locally on the same device as the app. Lose or break your device and those one time passwords were gone. And that’s a problem if you don’t have Google Authenticator on other accessible devices.
The new change now synchronizes the one-time passwords across all of your devices with Google Authenticator installed. Of course, it uses Google Sync, a staple for Chromebook users. More on that on in a minute.
Google says the new sync feature in Google Authenticator is “making one time codes more durable by storing them safely in users’ Google Account. This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security.”
The Google Authenticator sync function is optional, so if you don’t want your codes in the cloud, you don’t have to use that feature. However, I already upgraded my Authenticator app and enabled sync. Why? Because without it, it’s a huge pain to set up Google Authenticator on a new device.
Every two-factor account has to be manually set up unless you use the Export feature from one device to another. Now all of my authentication codes appear on all of my supported devices. Simply installing the app on a new device and signing in will show all of the two-factor accounts and codes.
Sorry Chromebook users, no Google Authenticator for you
I just mentioned “supported devices” above and unfortunately, Chromebooks generally aren’t included in that list. I do recall installing the Android version of Google Authenticator on my Pixel Slate. That was the last Chromebook I used where I could install the app though.
I thought perhaps the Android app worked on the Slate because of the device’s fingerprint sensor. I just tried to install it on the HP Dragonfly Pro Chromebook, which also have a fingerprint sensor but it was a no go. So that’s not the barrier here. I suspect Google-branded devices, or at least those with a fingerprint sensor (read: The Pixel Slate), is the current requirement.
This brings me back to my mini rant about Chromebook fingerprint sensors. I said that they need to do more than just have the ability to unlock your laptop. This is a perfect use case and example of where a finerprint sensor could add value as a two-factor authentication solution.
In fact, I find it mind-blowing that Google Authenticator, now with Google Sync support, can’t effectively be used on Chromebooks. I can, and do, use it on my iPhone and iPad. But my Chromebooks? Can’t do it. And that’s a damn shame. Frankly, it should be part of the “Better Together” strategy at the very least; that’s the ChromeOS Phone Hub feature that ties your Android phone and Chromebook together.
Maybe the in-progress, upcoming app streaming experience in Phone Hub will let you use Google Authenticator with a Chromebook. That of course, will only work with Android phones, so it won’t help me, of course. Either way, Google Authenticator is still a second-class citizen, at best, when it comes to ChromeOS. And it shouldn’t be.
The long-term solution may be Passkeys which will work on Chromebooks
Before I toss my Chromebook against the wall in frustration, there may be hope on the horizon. No, it won’t involve Google Authenticator but then again, it won’t need to. I’m talking about the Passkeys initiative announced last year.
Instead of passwords, Passkeys are like approved authentication tokens. Like passwords, you’ll have to set up a Passkey for each app or service you use. But there’s no “choosing” a combination of alphanumeric and special characters. No password length requirement. And no need to remember a password. So there’s no need to type any passwords, either.
Instead of one-time passwords from an authenticator app, Passkeys check to see if you have the private keys created during the Passkeys configuration on each account. So they combine a password and second factor all in one, without sending authentication codes.
If that’s the master plan on bringing more secure account credentials to Chromebooks, then I’ll just have to wait for the implementation. Until, then I’ll use my Chromebook and my… iPhone.