PSA: Google Authenticator app is syncing unencrypted 2FA secrets. Make sure the option is disabled.

https://twitter.com/mysk_co/status/1651021165727477763

TLDR; Don't enable it (at least for now) and double check if it's disabled.

So recently Google Authenticator pushed an update which gives users an option to back up their OTPs in their Google account/cloud for syncing. By the way, this update is disabled by default.

You can still use the authenticator as is without using the new feature.


So what's the issue here?

Your 2FA code contains a seed called a secret, a string of characters that is used as a key to generate your OTPs. If someone knows this key then others can generate OTPs that will be accepted by your Authenticator. So if anyone gets access to your Google account then all your 2FA connected to that account is compromised, and the possibility of being fucked is there.


The update has been rolled out on iOS devices, but Android hasn't pushed the update to Play Store yet. So if you're an Android user it probably hasn't reached your device yet, but if you're an iOS user and updated the app make sure you have it disabled.

To check if it's disabled follow these steps:

  1. Open the app and tap on the kebab menu (the 3 vertical dots)

  2. Tap on Settings

  3. Tap on "Backup to Google Account". If you see this, and tapping on it directs you to a set of instructions on enabling it, then just go back or exit the app; it means you don't have it enabled and you're good to go.

The update will require you to sign in to your Google account anyway, so you won't miss it.

Edit: LOL I'm being accused of clickbaiting but apparently there are those who reported that after updating they have it enabled. And I do know that this is disabled by default hence my TLDR.

submitted by /u/sweet_tinkerbelle
