In a new update to its Authenticator app, Google is rolling back a feature that it introduced earlier, Click to Reveal PIN, without giving any reason.
Google had added this feature to the Authenticator app as an extra layer of security: codes stayed hidden, and only the required PIN was shown after tapping on it. The latest version's update notes also mention “device encryption to the storage of secret values”.
Rolling Back a Security Feature in Google Authenticator
Google Authenticator is one of the most widely used MFA apps globally, with many relying on it for extra security on their online accounts. In a May update, the app added a new security feature called “Click to Reveal PIN”, which automatically hides all the PINs when the app is opened and shows the required one only after you tap on it.
This seemed useful, as it kept anyone standing nearby from peeking at the screen to see the codes. Though it was a simple change, it added needed security to the process. But, for some reason, it has now been rolled back in the latest update!
As noted by 9to5Google, Google is disabling the Click to Reveal PIN support in Authenticator’s v5.20R4, so all the codes show up in plain sight when you open the app. One thing to note is that Google never brought this feature, even for testing, to its Authenticator iOS client.
Another change that Google brought in this update is the “device encryption to the storage of secret values”, as noted in its change log.