If you've been using Google Authenticator as a multifactor authentication with LastPass, you may have recently noticed a warning to update the app. With an error message indicating that the "old" version of Google Auth will no longer be supported, the prompts redirect you to Google Play to install the "new" version. We discovered that Google silently launched version 2 (2.15 to be exact) of Google Authenticator on March 21st - not just an upgrade, but a new app.
If you want to get technical, the new app's program name is com.google.android.apps.authenticator2, while the old one was com.google.android.apps.authenticator. Because version 2 is a new app, and Google appears to be removing the old version from the store, the "update" process is a little more involved. The upgrade prompts will take you to Google Play, where you can install the new version, migrate your tokens, and uninstall the outdated version. If you attempt to install version 2 with version 1 still installed, you'll see prompts to uninstall the latter.
Google offers the following updates to the app in their changelog:
- Updated look and feel
- New entry for Google Play, same great app
- "Scan barcode" and "Manually add account" options moved to Menu > Add account.
To expand on that explanation:
- The signing key used on the old version of Google Authenticator (SHA1 fingerprint:
24:BB:24:C0:5E:47:E0:AE:FA:68:A5:8A:76:61:79:D9:B6:13:A6:00) is also used to sign: Scoreboard, Goggles, Finance, Google Voice, Shopper, Transalte, Chrometophone, Earth, Reader, and a few others.
- The signing key used on the new version of Google Authenticator (SHA1 fingerprint:
38:91:8A:45:3D:07:19:93:54:F8:B1:9A:F0:5E:C6:56:2C:ED:57:88) is used to sign: Google Maps, Google Play Store, Gmail, Google+, Google Chrome and Google Music.
The changes appear to only affect Android devices, so will not affect those running Google Auth on their iPhone.
The LastPass Team