• Skip to main content
  • Skip to primary sidebar
  • Deals
  • Features
  • Guides
  • Chromebooks
  • Videos
  • Podcast
  • More +
    • Reviews
    • Unboxing
    • Upcoming Devices
    • Chromebook Plus
    • Chrome
    • ChromeOS
    • Chrome OS Flex
  • Search
  • Sign Up
  • Log In
Chrome Unboxed – The Latest Chrome OS News

Chrome Unboxed - The Latest Chrome OS News

A Space for All Things Chrome, Google, and More!

  • Deals
  • Features
  • Guides
  • Chromebooks
  • Videos
  • Podcast
  • More +
    • Reviews
    • Unboxing
    • Upcoming Devices
    • Chromebook Plus
    • Chrome
    • ChromeOS
    • Chrome OS Flex
  • Search
  • Sign Up
  • Log In

Uh oh, Google’s Authenticator app now cloud syncs your codes, and they’re not E2E encrypted

April 27, 2023 By Michael Perrigo View Comments

Support our independent tech coverage. Chrome Unboxed is written by real people, for real people—not search algorithms. Join Chrome Unboxed Plus for just $2 a month to get an ad-free experience, access to our private Discord, and more. Learn more about membership here.
START FREE TRIAL (MONTHLY)START FREE TRIAL (ANNUAL)

Google just announced on its Security Blog that the company’s Authenticator app is getting not only a redesign with a new, modernized logo but also, and finally account synchronization for your codes! The app never used to cloud sync your authentication codes, leading to much frustration and annoyance not only when setting it up, but if you swap phones or upgrade, the app needs to be set up again, leading many people to being locked out of their accounts that require these codes.

“One major piece of feedback we’ve heard from users over the years was the complexity in dealing with lost or stolen devices that had Google Authenticator installed. Since one time codes in Authenticator were only stored on a single device, a loss of that device meant that users lost their ability to sign in to any service on which they’d set up 2FA using Authenticator.”

Google Security Blog

This is great and all, but in an odd twist, these codes, while synced to your Google Account for easier setup and recall on new devices, are not end-to-end encrypted! This is a big mistep by Google, and users are starting to notice that this solution is half-baked.

Xremove ads

By not having E2E encryption, these could potentially be exposed or intercepted by malicious third parties. According to Mysk on Twitter, who told Gizmodo about the lack of encryption, they “analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted,” and stated, “This means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets, to make them accessible only by the user.”.

Essentially, by backing up your secret codes, Google could even view them raw on their servers thanks to an exposed “seed” used to generate your codes. By getting a hold of that seed, anyone could create their own codes for your account and use them to gain access. Of course, this means that if Google were hacked and someone got a hold of its server data where this information of yours was stored, they would have direct access to all of your stuff.

Featured Videos

Xremove ads

Google was quick to respond to this situation via CNET stating that it’s still planning on rolling out E2E encryption to its Authenticator app in time and that it added account syncing for “convenience” even though it clashes with the very idea of keeping users at arm’s length from risk and security concerns.

(1/4) We’re always focused on the safety and security of @Google users, and the newest updates to Google Authenticator was no exception. Our goal is to offer features that protect users, BUT are useful and convenient.

— Christiaan Brand (@christiaanbrand) April 26, 2023

You can still use the app without syncing your secret codes, which means that for any users who do see this (there are many who will unwittingly sync their accounts anyway), I would recommend you use it the way you always have – cut off from Google’s servers. Let me know in the comments if you use the Google Authenticator at all, or if you’ve moved on to other solutions like Authy.

SUBSCRIBE TO UPSTREAM

Get Chrome Unboxed delivered straight to your inbox

Upstream is our flagship, curated newsletter with the top stories, most click-worthy deals, giveaways, and trending articles from Chrome Unboxed sent directly to your inbox a few times a week. Join 31,000+ subscribers.

Xremove ads
SUBSCRIBE HERE!

Filed Under: Apps, Privacy and Security

About Michael Perrigo

Known as "Google Mike" to his customers, Michael worked at Best Buy as a Chromebook Expert who dedicated his time to understanding the user experience from a regular Chromebook owner's perspective. Having spent nearly 20 years meeting you face-to-face, he strives to help you understand your technology through carefully crafted guides and coverage, relentlessly seeking out the spark in what's new and exciting about ChromeOS.

Primary Sidebar

Xremove ads

Deals

The new Lenovo IdeaPad Slim 3 Chromebook gets a super-affordable $249 configuration

By Robby Payne
July 7, 2026

The best Chromebook deals today

By Robby Payne
July 7, 2026

Lenovo quietly updates the IdeaPad Slim 3 Chromebook in some pretty big ways

By Robby Payne
July 2, 2026

The impressive ASUS CM32 Detachable from CES 2026 just landed at Best Buy and is on sale

By Robby Payne
July 1, 2026

Deal alert: the best Chromebook ever made is a whopping $400 off right now

By Robby Payne
June 22, 2026

More Deals

Xremove ads

Reviews

Acer Chromebook Plus Spin 514 Review: the best convertible you can buy [VIDEO]

By Robby Payne
July 1, 2026

Lenovo Chromebook Plus 2-in-1 Review: pretty great in a vacuum

By Robby Payne
April 23, 2026

My review after 6 weeks with the Lenovo Chromebook Plus 14 [VIDEO]

By Robby Payne
August 11, 2025

One week with the best small Android tablet you can buy, and I’m sold

By Robby Payne
May 9, 2025

Best Chromebooks of 2024 [VIDEO]

By Robby Payne
November 28, 2024

More Reviews

Xremove ads

Guides

This Chromebook trackpad shortcut is definitely not new, but is blowing my mind

By Robby Payne
March 11, 2024

How to reduce broadcast delay on YouTube TV to stop live spoilers

By Robby Payne
December 8, 2023

Windows PC keyboard and Chromebook

How to use a Windows keyboard with a Chromebook

By Joseph Humphrey
December 8, 2023

How reset and revert your Chromebook to the previous version of Chrome OS

By Robby Payne
November 29, 2023

My Chromebook Plus features disappeared: here’s how I fixed it

By Robby Payne
November 24, 2023

More Guides

TWITTER · FACEBOOK · INSTAGRAM · YOUTUBE · EMAIL · ABOUT

Copyright © 2026 · Chrome Unboxed · Chrome is a registered trademark of Google Inc.
We are participants in various affiliate advertising programs designed to provide a means for us to earn fees by linking to affiliated sites.

PRIVACY POLICY