[ehhthing]

Yes, this is an option (that you definitely should turn on).

I think Google shipped another underbaked product here. They have E2EE implemented for Chrome sync data already. They should have just used that rather than going with whatever system they decided. Adding Google Authenticator to the Chrome Password Manager is probably much more useful than having it as a standalone app.

[varenc]

I can see Google's rationale for keeping them seperate. It is supposed to be the 2nd factor after all, and if your 2FA secrets are stored and synced right along with your passwords that really makes it not much of a second factor. The same can be said for any cloud based 2FA secret syncing, but I believe for most users they still only have 1 phone with Authenticator and the 2FA secrets on them, and this cloud syncing is just about allowing someone that gets a new phone to restore their 2FA secrets. That's pretty different from actively syncing your passwords between all of your mobile and desktop devices like Chrome's sync does.

Also I'm sure there's many use cases for Authenticator when you're not already in Chrome or even in a web browser. Stuff like entering a 2FA key when logging into your VPN. It'd be awkward in that situation to pull up Chrome and find some obscure menu just to get your VPN's 2FA code.