Tell HN: 2FA code for Google account gone after Google Authenticator update

28 points by butz, 5 months ago
After a recent update, where Google added accounts support to yet another of their apps, I am no longer getting a 2FA code for my Google Account. Only dashes are displayed, and clicking on it shows a very terse error message: "Could not generate code for this account. Try removing it from Authenticator and setting it up...". Of course I opted out of using an account in Authenticator, as my phone is connected to a different Google account. So without any initial warning I am "locked out" of my Google account. Sure, I can still do the whole dance with backup codes, SMS verification or "other options", but such breaking behaviour should not be happening in an application of this high importance. And especially during holidays. Good job everyone.

7 comments

te0006, 5 months ago
Good job indeed. Started happening some time in November, and they merrily keep rolling out this buggy Google Authenticator update after people reported the lock-out behaviour you encountered. Apart from corrupting the TOTP seeds for some users, this update also introduced the splendid new feature of backing up those secrets in, of all places, the Google cloud, opening up new vistas for hackers to take over your Google account completely. Which, apart from being a rather catastrophic issue in general for many people, is a very good starting point for emptying your online bank or crypto exchange account: https://news.ycombinator.com/item?id=42450221 So farewell, Google Authenticator, won't miss you.
mhkool, 5 months ago
I use a yubico key which holds all my Google Auth 2FA secrets. A yubico app generates the 2FA codes. I also have a hardcopy of all secrets. An additional advantage is that the yubico key is protected with a PIN code. Works great for me.
mystified5016, 5 months ago
Don't trust one singular monolithic entity with *absolutely everything* and you'll see fewer problems.
greentea23, 5 months ago
I realize it's not for everyone, but since this is HN, I breathe a sigh of relief using this tool exclusively in Termux / PC shell instead of an app that stores the secrets in an obfuscated/proprietary/inaccessible manner: https://github.com/gopasspw/gopass/blob/master/docs/features.md#adding-otp-secrets
firefax, 4 months ago
Google has issues with authentication.

I lost my childhood account because it decided the recovery codes, written on paper + stored in a safe location (matching) were all marked as invalid.

I'd have seen logs of them being used if someone had done something movie plot level like break into my personal safe.

I ended up just not going back -- I'd been experimenting with Protonmail, and libreoffice is enough for my word processing needs.
tlhunter, 5 months ago
I was super annoyed when they added accounts to Authenticator and one misclicked pop-up sent my 2FA codes to the cloud. The moment I saw this new feature I knew something like what happened to OP would happen.

On the bright side I keep a copy of everything in a Yubikey as well.
uncomplexity_, 5 months ago
yea fuck those things

learned it the hard way, now my totp secrets are always copied into a google sheet so i can use any totp client.