Google made an important change to Google Authenticator at the end of April. From now on, it is possible to receive the six-digit codes on multiple devices. Previously, this was only possible on a single device that had to be chosen in advance.
For years, we have encouraged our customers to properly secure their accounts, including by using two-factor authentication with Google Authenticator. While Google's update provides more convenience, it has potentially negative effects on account security. The strength of Google Authenticator was that you had to be physically in possession of both your own phone and its password. In the new situation, access to a Google account is enough, so the extra layer of security provided by a physical element falls away.
To still ensure the security of your account, there are several steps you can take. First, it is possible to disable the new feature. The code will then again be created and displayed on a single device that you have to choose in advance (usually your cell phone). Another option is to use a different authenticator, for example Duo Mobile or Authy.
It is important to take the security of your online accounts seriously and to evaluate it regularly. The changes to Google Authenticator show that even a reliable security method does not always remain as reliable as you would like. Fortunately, there are several measures you can take to ensure the security of your accounts. You can use unique passwords, use a password manager, and regularly check that your e-mail address and passwords have not been leaked, for example through https://haveibeenpwned.com/. If you decide to continue using Google Authenticator, consider disabling the new feature and/or using an alternative. Remember: better security is always better than convenience.