I don't understand: Why on earth does google want to sync MFA tokens? They're one-time use, aren't they? Or... feh, I can't even fathom
Syncing of "MFA codes" is really syncing of the secret component of TOTP (time based one time password).
And it's a good thing, and damn any 2fa solution that blocks it. I don't want to go through onerous, incompetent, poorly designed account recovery procedures if a toddler smashes my phone. So I use authy personally, while a friend backs his up locally.
> I don't want to go through onerous, incompetent, poorly designed account recovery procedures if a toddler smashes my phone
Why don't you use the printed recovery tokens?
Not all websites offer them.
Hell, no bank I use (several large and several regional) support generic totp. Some have sms, one has Symantec VIP, proprietary and not redundant.
Edit: since I'm posting too fast according to HN, even though I haven't posted in an hour, I'll say it here. Symantec is totp but You cannot back up your secrets and you cannot have backup codes.
Symantec VIP is TOTP under the hood.