You install the app on your phone, it links with your g00gle account. I'm not saying it's "insecure", I'm simply saying that you are linking your phone, and your google account to any website each time you want to log in. The key generated is pinged by the website to get the key to enter.
Why must I have a g00gle account anyway? Check "Cryptonit": without g00gle auth, (and without you giving information to google), you can't withdraw your coins.
Let them control your life, luckily I read the "terms of service".
This just isn't true.
..you can use the Google Authenticator app to receive codes even if you don’t have an Internet connection or mobile service.
It's open source. The login authentication code is generated by an algorithm based off the current timestamp, and changes every 30 seconds.
Google generates an 80-bit secret key for each user. This is provided as a 16 character base32 string or as a QR code. The client creates an HMAC-SHA1 using this secret key. The message that is HMAC-ed can be:
the number of 30 second periods having elapsed since the Unix epoch; or
the counter that is incremented with each new code.
A portion of the HMAC is extracted and converted to a 6 digit code.
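Added example, not part of the original posts or of the Google Authenticator source: a minimal implementation of the scheme described above, showing that both the phone and the website compute the code locally from the shared secret and a clock or counter, with no network call. The function names, the constructed sample secret and the one-step drift window in `verify` are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret_b32, counter, digits=6):
    """Counter mode: HMAC-SHA1 over the counter as an 8-byte big-endian integer."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    # "A portion of the HMAC is extracted": the low nibble of the last byte
    # selects a 4-byte window, whose top bit is masked off.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32, now=None, step=30):
    """Time mode: the counter is the number of 30-second periods since the Unix epoch."""
    if now is None:
        now = time.time()
    return hotp(secret_b32, int(now) // step)


def verify(secret_b32, submitted, now=None, step=30, window=1):
    """Website side: recompute from the stored secret; nothing is fetched from the phone.

    The +/- `window` steps of tolerated clock drift is an assumed policy.
    """
    if now is None:
        now = time.time()
    counter = int(now) // step
    ok = False
    for delta in range(-window, window + 1):
        if counter + delta < 0:
            continue
        # Constant-time comparison; check every candidate to avoid early exit.
        ok |= hmac.compare_digest(hotp(secret_b32, counter + delta), submitted)
    return ok


if __name__ == "__main__":
    # Constructed 80-bit sample secret (10 bytes -> 16 base32 characters).
    secret = base64.b32encode(bytes(range(10))).decode()
    code = totp(secret)
    print(secret, code, verify(secret, code))
```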