Comment by andyjohnson0

4 months ago

Just checked and Google authenticator seems to be synced to my account, which is a huge SPOF and not what I want. It's possible that I did this without realising, but does anyone know of a way to revert authenticator to local-only? I don't see anything obvious.

> It's possible that I did this without realising

IIRC on my platform, when they added the feature they turned it on by default, as an auto-installed update.

And if you're logged into the gmail app on the same device that also logs you into authenticator.

You didn't do anything wrong.

  • FWIW, I still remember recoiling in horror when I was asked whether I wanted to sync my Google Authenticator stuff.

You can't revert, the keys are sent, they have them. They can't un-have them. You'll need to rotate your MFA.

  • > You can't revert, the keys are sent, they have them. They can't un-have them. You'll need to rotate your MFA.

    Not true. See https://news.ycombinator.com/item?id=42471459

    • You've missed the point entirely. The point is not that you can't recover the codes. The point is that if you are concerned about uploading codes due to the security implications (which most people on here are) then you need to do more than just disabling uploading, you also have to go rotate all the secrets that were uploaded.
> does anyone know of a way to revert authenticator to local-only?

To answer my own question: tap the profile pic (top right on Android) and choose the Use Without an Account option. Removes codes from cloud storage and any _other_ devices. Mentioned in TFA.

  • I am literally mind f** by the wording “Use Authenticator without an Account”. This is one of the most tortured and cryptic phrases I have seen. Government legalese is more straightforward than Google.