Sync comes to Google Authenticator but Chromebooks left out
If you’re serious about protecting your online accounts, you’re surely using some type of authentication app. Please don’t tell me you’re using SMS for that! I use Google Authenticator in a limited fashion because it’s a little more limited than my preferred choice, Authy. Today sync comes to Google Authenticator, bringing it to closer to other options. Sadly, Chromebooks are still second-class citizens when it comes to Google’s authentication solution.
The good news for Google Authenticator
Google’s Security Blog introduced the new synchronization feature today. Until today, one time passwords stored in Google Authenticator were stored locally on the same device as the app. Lose or break your device and those one time passwords were gone. And that’s a problem if you don’t have Google Authenticator on other accessible devices.
The new change now synchronizes the one-time passwords across all of your devices with Google Authenticator installed. Of course, it uses Google Sync, a staple for Chromebook users. More on that on in a minute.
Google says the new sync feature in Google Authenticator is “making one time codes more durable by storing them safely in users’ Google Account. This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security.”
The Google Authenticator sync function is optional, so if you don’t want your codes in the cloud, you don’t have to use that feature. However, I already upgraded my Authenticator app and enabled sync. Why? Because without it, it’s a huge pain to set up Google Authenticator on a new device.
Every two-factor account has to be manually set up unless you use the Export feature from one device to another. Now all of my authentication codes appear on all of my supported devices. Simply installing the app on a new device and signing in will show all of the two-factor accounts and codes.
Sorry Chromebook users, no Google Authenticator for you
I just mentioned “supported devices” above and unfortunately, Chromebooks generally aren’t included in that list. I do recall installing the Android version of Google Authenticator on my Pixel Slate. That was the last Chromebook I used where I could install the app though.
I thought perhaps the Android app worked on the Slate because of the device’s fingerprint sensor. I just tried to install it on the HP Dragonfly Pro Chromebook, which also have a fingerprint sensor but it was a no go. So that’s not the barrier here. I suspect Google-branded devices, or at least those with a fingerprint sensor (read: The Pixel Slate), is the current requirement.
This brings me back to my mini rant about Chromebook fingerprint sensors. I said that they need to do more than just have the ability to unlock your laptop. This is a perfect use case and example of where a finerprint sensor could add value as a two-factor authentication solution.
In fact, I find it mind-blowing that Google Authenticator, now with Google Sync support, can’t effectively be used on Chromebooks. I can, and do, use it on my iPhone and iPad. But my Chromebooks? Can’t do it. And that’s a damn shame. Frankly, it should be part of the “Better Together” strategy at the very least; that’s the ChromeOS Phone Hub feature that ties your Android phone and Chromebook together.
Maybe the in-progress, upcoming app streaming experience in Phone Hub will let you use Google Authenticator with a Chromebook. That of course, will only work with Android phones, so it won’t help me, of course. Either way, Google Authenticator is still a second-class citizen, at best, when it comes to ChromeOS. And it shouldn’t be.
The long-term solution may be Passkeys which will work on Chromebooks
Before I toss my Chromebook against the wall in frustration, there may be hope on the horizon. No, it won’t involve Google Authenticator but then again, it won’t need to. I’m talking about the Passkeys initiative announced last year.
Instead of passwords, Passkeys are like approved authentication tokens. Like passwords, you’ll have to set up a Passkey for each app or service you use. But there’s no “choosing” a combination of alphanumeric and special characters. No password length requirement. And no need to remember a password. So there’s no need to type any passwords, either.
Instead of one-time passwords from an authenticator app, Passkeys check to see if you have the private keys created during the Passkeys configuration on each account. So they combine a password and second factor all in one, without sending authentication codes.
If that’s the master plan on bringing more secure account credentials to Chromebooks, then I’ll just have to wait for the implementation. Until, then I’ll use my Chromebook and my… iPhone.
Working on Chromebook team at Google must be fun – all that time teaching other Google workers what a Chromebook is…
Most my stuff only has sms for 2fa …. using apps is not a choice for a lot. Non tech companies who use 2fa move very slow…. and old people don’t like these complex apps..
Still don’t use these apps when they can be used, prefer USB keys.
These apps will never be priority for Chromebooks because phones are the priority. I try and stay away from anything that requires phone on, just allows this to happen. Essentially all you guys who loved playstore on Chrome OS have basically destroyed Chromebooks for the sake of being able to play Candy Crush. Tell me I’m wrong??
Who needs microsoft to say Chromebooks can’t do x and y, when Google are working on that themselves… Microsoft holding Googles beer… whilst you lot play Candy Crush…
This what happens when developers let shouty users bully them.. lots of sugar and no fibre.
I moved off Google Authenticator due to lack of sync, to Authenticator Pro—an open source alternative with more polish. For example it supports backup to an encrypted file as well as multi device use. But the killer feature for me is there’s a WearOS version. Install it on your watch, it Bluetooth syncs from your phone and you’re good to go. I get all my 2FA codes from my Pixel Watch now. Super handy.
Nice! With Authy, I do the same, but on an Apple Watch. Love having 2FA on my wrist.
Maybe the Chromebook team declined the offer for this app to work on Chromebooks just yet…..
https://nakedsecurity.sophos.com/2023/04/26/google-leaking-2fa-secrets-researchers-advise-against-new-account-sync-feature-for-now/
Chromeos devices don’t currently have the capability for chromeos fingerprint scanner integration with the Android container. Presumably, this will eventually be developed at some point in time.
I am a Chromebook Duet and was able to install the Android version of Google Authenticator fine. That’s what I have been doing for ages. Agree you saying this doesn’t work for other Chromebooks?