Google Authenticator changes a long-standing feature

Another change to another app! When we explain what it is, you may wonder whether this feature was worth having in the first place and question what the real advantage to it may have been.

What is Google authenticator?

This is a popular feature that acts as a security mechanism. Many businesses and organisations know and use this, but some people have never heard of it, so it is worth briefly explaining.

Google Authenticator keeps websites and software applications secure. It does this by using a 2-step verification process. One step in this process is using a one-time based password algorithm. Essentially what this means if those users have the app on their phone, random numbers are displayed for a time limited period, which must be entered into the website or software application in order to gain access. The code will reset (usually after 30 seconds,) and it this constant changing of the passcode in a very short space of time which keeps the platforms secure.

What is happening?

Within Google Authenticator there is a feature called ‘click to reveal pin.’ If a user double clicks this (i.e. to do the opposite,) then all codes are hidden from view. The point about Google Authenticator is it can be used for multiple websites or software platforms, so this means that multiple passcodes will be displayed at any one time. When authenticator was originally made, this raised concerns with some about the security of displaying these codes, hence the click to reveal pin feature was adopted, so codes could be hidden that were not needed. Remember that codes constantly change every 30 seconds whether they are being accessed or not. The latest change sees this feature being removed.

When would someone use this feature?

Most people have used the click to reveal pin feature in situations where they are with strangers, or in an ‘at risk environment,’ where there is a greater or heightened need to keep the passcodes secure.

Was it really a useful feature anyway?

The argument from many is that this feature was rather pointless, since as the codes change every 30 seconds, even if someone did see a passcode, by the time they could have done anything about it, a new code would have been generated. Many think that this is what has caused Google to drop the feature, though confirmation or commentary on this has been limited. Without a proper explanation, there is nothing to say that this feature won’t return, or perhaps they are working on making something even more secure associated with it?

Conclusion

Since its creation, the amount of updates and changes to authenticator have been very small. It’s a basic yet secure idea which works very well, and so the change of something that many people regard as ‘minor’ does appear more interesting than it might initially seem. Like everyone, we will wait for official explanation from Google, then we might be able to comment on what we think are any real intentions.

Learn more about our clients and the successful results we have had, by visiting our case studies page.