Google Authenticator’s first update in a year arrived at the end of May, hiding your 2FA codes until you clicked to reveal them. Google has taken a turn away from that feature in an update to Authenticator this week.
The “Click to Reveal PIN” feature has been removed in Google Authenticator version 5.20R4 so that every two-factor authentication code in that list is shown right away when the app is opened.
Google’s click to reveal feature was most likely an effort to increase security by making it more difficult for those who are physically close to you to peek at your phone’s screen and grab something. However, codes already change every 30 seconds, so it’s unclear how successful of a measure it actually was. By just displaying the code you need, this feature has an unforeseen benefit of helping you focus.
This change was never rolled out to the iOS app, which can request you to confirm Face/Touch ID before revealing codes and would be a useful option to have on Android for shared device use situations.
Google has already added device encryption to the storing of secret values, according to an update to Authenticator’s Play Store release notes. This most recent version of Google Authenticator was widely released earlier this week with no further modifications to the app.