Google has updated Google Authentictor, its iOS app for managing two factor authentication codes for accessing accounts.
But if you install the app onto your iPhone or iPad, you’ll find it wipes out all of your existing account information.
What does that mean? Well, next time you try to log into a website or service that you have set up to require a two factor authentication code from Google Authenticator, you’ll find that the app isn’t creating a code for you as it is has wiped all of your tokens, and is no longer connected with your online services.
In short, you’re locked out. All because you updated Google Authenticator.
Users will have to try to access their accounts via a different methods (lets hope you registered a backup device for this kind of emergency) to setup Google Authenticator with their accounts again.
What a pain. Did Google do no quality assurance on this update?
Curiously, the Android version of Google Authenticator appears to be unaffected.
Bugs like this certainly aren’t going to do any favours when it comes to encouraging more people to adopt two factor authentication for better security.
My advice is to hold off updating Google Authenticator until Google sorts this mess out, something that The Next Web reports the firm is already working on.
Kind of makes you think twice about having iOS 7 automatically download and install updates.
If you're looking for a replacement for Google's Authenticator app, check out Duo Security's mobile application. It supports everything Google's does (including TOTP-based services) but is actually a first-tier app and not an after thought like Google's offering. Some details are over at http://guide.duosecurity.com/third-party-accounts — it even supports iOS 7 properly, too!
My tokens were nuked last night due to this issue. Fortunately I had back up methods to restore access to my accounts and have already restored access to all my accounts.
I do hope the "fix" doesn't nuke my efforts this morning!