I still have Google Authenticator on my phone, but I hadn't been using it. I see that you now must choose between using it "with an account", in which case your codes are saved "to your account", or using it without an account. I just installed Google Authenticator onto my tablet, selected that I would "continue as [Google Account]), and voila, there are all my codes.
I presume that if you use it "without an account", the codes are not backed up, although I'm not going to test that now.
I am curious what backed up "to your account" means. I'm often logged into Google on my laptop — is it possible to access the TOTP codes from there? If my laptop is hacked it would be a disaster, and I at least want to reduce the blast radius so that accounts requiring MFA are out of reach to the hacker unless they also hack my phone or tablet.
Issues for me with Google Authenticator:
1. The cloud backups are not encrypted: https://www.reddit.com/r/cybersecurity_help/comments/1fysqij...
2. There's a strong possibility that if my laptop gets compromised my Google account will be compromised simultaneously.
3. I try (often in vain) to limit my Google exposure because if I lose access to my Google account, it will be hard to get it back due of Google's limited support offerings.
