Google recently released the Google Authenticator synchronization feature that syncs MFA codes to the cloud … if your Google account is compromised, so now are your MFA codes.

Wow, what an awful idea. Reduces the authenticator app right back to the “my email is my second factor for everything” level of security.

Just… why? Didn’t we already learned that cloud based password managers are stupid? That’s why I’m using my own instance of Vaultwarden on my own home server