cloud synchronization for Google Authenticator is not secure
At the beginning of this week we were able to report the happy news about the arrival of synchronization of the Google Authenticator app with your Google account. Unfortunately, there is still a catch.
Contents
No encryption for Google Authenticator
Once you install Google Authenticator on a new phone, you don’t need to link all your accounts again. At the beginning of this week, Google announced synchronization of the Google Authenticator app with your Google account. That makes the app a lot more attractive compared to other authentication apps. Still, we cannot recommend using the new feature for the app.
Related articles
Synchronization of the Google Authenticator app with your Google account works without end-to-end encryption. This means that the data can be intercepted by Google or criminals. With end-to-end encryption, a security key is generated for each individual message that is sent. It can only be deciphered by the recipient with whom you share the same security key. In this case, that’s extra dangerous because two-factor authentication (2FA) is an extra layer of security for logging into accounts. A developer on Twitter reported this vulnerability and recommends the following:
While syncing 2FA authentication across devices is convenient, it comes at the cost of your privacy. Fortunately, Google Authenticator still offers the option to use the app without logging in or syncing codes. We recommend using the app without the new sync feature for now.
Happy responded Quickly google this problem. The company plans to roll out end-to-end encryption to its Authenticator app in time, but has already added account synchronization to the app because that feature is “useful and convenient.” That while this is contrary to Google’s mission to protect your privacy.
So for now it’s better to use the Authenticator app in the old way, so without turning on account synchronization. Let me know in the comments if you use the Google Authenticator at all, or if you’ve moved on to other solutions like Authy or Bitwarden.
Google Authenticator
Google Authenticator
What is Google Authenticator? In an era where cybercrime is the order of the day and password security is becoming increasingly important, using ..
