Comment by plagiarist

4 months ago

> By default, Google Authenticator syncs all one-time codes with a Gmail user’s account, meaning if someone gains access to your Google account, they can then access all of the one-time codes handed out by your Google Authenticator app.

When business guys are involved in a security app. Many of us can easily imagine the "user story" that caused this.

Just look at the probably hundreds or more comments here through the years of people bashing Google for having their authenticator app not sync TOTP secrets to the cloud. For the longest time it was pulling teeth to get the app to surrender the TOTP secrets saved inside.

Google listened.