The Google Authenticator app got updated today. As a frequent user with lots of accounts I've noticed that the app is now significantly slower: It takes several seconds to start the application and to generate the next iteration of pins. The "click to reveal pin" is just jarring to use and doesn't add any additional security in my opinion. Wondering if anybody else on HN shares this frustration.
Wow, yeah it's much worse. It feels noticeably sluggish and that's really frustrating. Like watching your favorite desktop app get turned into an Electron monstrosity.<p>The minimalistic and fast interface was why I liked Google Authenticator in the first place. Feels like it's moving in the wrong direction just to service someone's promotion checklist.<p>If anyone at Google can connect with the person/team responsible, please tell them it was perfect the way it was and to just roll it back!
Why increase the cognitive workload to log in with MFA?<p>It's already:<p>Type in password expecting a smooth login > Process that the new empty text box means you have to check your MFA source > Realise you have to find your phone > Find the authenticator app > Look through the (mine is long) list of registered accounts > If there are duplicates (e.g. AWS Account X, AWS Account Y) then select the right one > See if the timer is nearly 0 and if you'd like to risk using the code displayed > Enter code
I can't stand how Google recommends this, as a dark pattern that their TOTP app is special and that users have to use it for 2FA for Google. There are so many better TOTP apps out there (like Authy or Aegis).<p>For a while, Google Authenticator was abandonware (despite them still recommending it for 2FA!), and didn't have any options for backup/restore. They have always been the worst 2FA app in terms of features and bugs, not surprised that they're getting even worse with time.
Good, maybe it'll finally drive people off of it over to one which survives your phone going into the proverbial drink<p>While it is absolutely a debatable security practice, don't forget modern password managers (1Password, Bitwarden, KeePassXC, maybe others) support TOTP natively
I can recommend these apps on Android (both are open source and have many features).<p>Aegis Auth - <a href="https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis" rel="nofollow">https://play.google.com/store/apps/details?id=com.beemdevelo...</a><p>andOTP - <a href="https://play.google.com/store/apps/details?id=org.shadowice.flocke.andotp" rel="nofollow">https://play.google.com/store/apps/details?id=org.shadowice....</a>
Really annoying, I don't understand why someone would think it increases security.
Now I have to make another click every time I need to use 2FA.
Time for a new app.
Oh... sad I didn't see this earlier. Already updated here and this reveal "feature" is the worst usability experience they could push to an app like that. I use this daily to log in to multiple services and will migrate to something more like the old version ASAP.
I don't see the update yet. Hasn't it provided ways to add a more advanced OTP yet?
E.g. more digits, different hashing algorithm, different interval, ...?<p>It's a shame that it does not support them.
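For reference on the parameters named in the last comment (digits, hashing algorithm, interval), here is an added example, not part of the thread and not any app's own code: it reads them from an `otpauth://` provisioning URI and computes the RFC 6238 code. The function names and the sample URI are constructed for illustration; the secret is the RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import urlparse, parse_qs

HASHES = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}

# Constructed sample URI (secret is the RFC 6238 SHA-1 test key, base32-encoded).
SAMPLE_URI = ("otpauth://totp/Example:alice?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
              "&issuer=Example&algorithm=SHA1&digits=8&period=30")

def totp(secret: bytes, at: int, digits: int = 6,
         algorithm: str = "SHA1", period: int = 30) -> str:
    """RFC 6238 TOTP for Unix time `at` with explicit parameters."""
    counter = struct.pack(">Q", at // period)            # 8-byte big-endian time step
    mac = hmac.new(secret, counter, HASHES[algorithm]).digest()
    offset = mac[-1] & 0x0F                              # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)       # keep leading zeros

def parse_otpauth(uri: str) -> dict:
    """Extract and validate TOTP parameters; missing ones fall back to the
    common defaults (SHA1, 6 digits, 30 s)."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP provisioning URI")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    b32 = q["secret"].upper().replace(" ", "")
    b32 += "=" * (-len(b32) % 8)                         # restore stripped padding
    algorithm = q.get("algorithm", "SHA1").upper()
    digits, period = int(q.get("digits", 6)), int(q.get("period", 30))
    if algorithm not in HASHES:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    if not 6 <= digits <= 8 or period <= 0:
        raise ValueError("digits must be 6-8 and period positive")
    return {"secret": base64.b32decode(b32), "digits": digits,
            "algorithm": algorithm, "period": period}

def code_from_uri(uri: str, at: int) -> str:
    """Code an authenticator honouring every URI parameter would show at `at`."""
    return totp(at=at, **parse_otpauth(uri))

if __name__ == "__main__":
    print(code_from_uri(SAMPLE_URI, 59))
```

An app that ignores `algorithm`, `digits` or `period` and falls back to its defaults will display a code the server rejects, so checking a new enrollment against the published RFC 6238 vectors before relying on it is worthwhile.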