Security News > 2023 > April > Google Authenticator updated, finally allows syncing of 2FA codes

Google Authenticator updated, finally allows syncing of 2FA codes
2023-04-26 11:04

Google has updated Google Authenticator, its mobile authenticator app for delivering time-based one-time authentication codes, and now allows users to sync their codes to their Google account.

They can later be seamlessly synced to a new device once the Google Authenticator app is installed on it and connected to the users' Google account.

The new cloud sync feature is optional: you can still use Google Authenticator without logging in to your Google account, and your 2FA codes will remain on your device exclusively.

If you do though, and a hacker gains access to your Google account, they may connect a device on their own to it and sync those backed up codes to it.

Security researchers with Mysk also pointed out that the backed up codes are not end-to-end encrypted, meaning that Google can access them.

They also noted that when you ask Google to export data associated with your account, the 2FA secrets are not included in the download. It would be nice to know how Google handles the backed up codes and if there's an "Un-sync" option as well.


News URL

https://www.helpnetsecurity.com/2023/04/26/google-authenticator-codes-sync/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 141 994 4925 2877 1623 10419