Google Authenticator updated, finally allows syncing of 2FA codes

2023-04-26 11:04

Google has updated Google Authenticator, its mobile authenticator app for delivering time-based one-time authentication codes, and now allows users to sync their codes to their Google account.

They can later be seamlessly synced to a new device once the Google Authenticator app is installed on it and connected to the users' Google account.

The new cloud sync feature is optional: you can still use Google Authenticator without logging in to your Google account, and your 2FA codes will remain on your device exclusively.

If you do though, and a hacker gains access to your Google account, they may connect a device on their own to it and sync those backed up codes to it.

Security researchers with Mysk also pointed out that the backed up codes are not end-to-end encrypted, meaning that Google can access them.

They also noted that when you ask Google to export data associated with your account, the 2FA secrets are not included in the download. It would be nice to know how Google handles the backed up codes and if there's an "Un-sync" option as well.

News URL

https://www.helpnetsecurity.com/2023/04/26/google-authenticator-codes-sync/

#2FA #google

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Google		141	996	4895	2855	1622	10368