Yeah what can be done is create a clean Google account registered through an anonymous phone number and a throwaway user name & password, and best to secure it with a hardware key just to make sure no one can get into your OTPs by somehow getting access to those credentials. That should allow you to save credentials in an account at least if you make sure to not login to it on the same device as your other accounts.

But also not blaming anyone for not trusting Google in the first place.

I read their article but didn’t understand their methodology. This is pretty much in contrast to this video where a bunch of apps got audited and to everyone’s surprise Google Authenticator seemed like one of the most private alternatives.

Really not trying to defend Google here because… they’re fucking Google, but I’m wondering why the results are so different.

IMO because it’s a Signal group and you can’t separate user profiles and have to register with a phone number (yeah I know I know you have a username now). Some people including me won’t join therefore