The latest update to the Google Authenticator doesn’t show the 2FA codes spontaneously and now waits for the user’s tap to reveal the codes.
According to 9to5Google, the feature is available on Google Authenticator 5.20. But this version has not been widely rolled out yet through the Play Store. However, you may be able to receive the feature in the coming weeks.
Traditionally, Google’s two-factor authenticator (2FA) app displays a six-digit login code as soon as you open the app. But in the new update, you need to tap “Click to reveal PIN” to get the code.
Moreover, by long-pressing the code, you can copy it to your clipboard for other actions (rename, delete, and reorder). This is aligned with Android 13’s new overlay and editor and stores the codes without revealing them. Android 13 also automatically removes the clipboard history to prevent apps from seeing what’s been copied before.
Google Authenticator 2FA codes aren’t in plain view anymore
The new method for revealing 2FA codes is a great way to protect codes and enhance privacy. It could add a new security layer to the app.
Using Google Authenticator for two-factor authentication is usually more secure than other methods like SMS. But even the 2FA is not safe from malware attacks. Just recently, the Escobar malware targeted the Google Authenticator codes. This malware uses VNC to take control of victim’s phone, then steals multi-factor authentication (MFA) codes generated by the Google’s app. It can even record audio or take photos.
Google is now insisting users activate two-factor authentication for their personal accounts. The company automatically enables 2-step verification (2SV) for its users as a preventive measure. Google barely releases updates to its Authenticator app. The last update for the app came in 2020, and brought a Material Theme redesign. Also, it added the ability to easily transfer accounts between devices.