Security News > 2023 > April > Google will add End-to-End encryption to Google Authenticator

Google will add End-to-End encryption to Google Authenticator
2023-04-26 21:11

Google is bringing end-to-end encryption to Google Authenticator cloud backups after researchers warned users against synchronizing 2FA codes with their Google accounts.

This new feature allows users to synchronize their Google Authenticator 2FA tokens with their Google account, providing a backup if their mobile device is lost or damaged.

As Google Authenticator does not offer end-to-end encryption, the data is stored on Google's server in a format that unauthorized users could potentially access, whether through a Google breach or an unscrupulous employee.

Google has heard users' concerns about the lack of end-to-end encryption and said they would add it to a future version of Google Authenticator.

"We encrypt data in transit, and at rest, across our products, including in Google Authenticator. End-to-End Encryption is a powerful feature that provides extra protections, but at the cost of enabling users to get locked out of their own data without recovery. To ensure that we're offering a full set of options for users, we have also begun rolling out optional E2EE in some of our products, and we plan to offer E2EE for Google Authenticator in the future."

Google also already provides E2E encryption in some of its services, such as Google Chrome, which lets you set a passphrase to encrypt data synchronized with Google accounts.


News URL

https://www.bleepingcomputer.com/news/google/google-will-add-end-to-end-encryption-to-google-authenticator/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 256 4320 4678 741 9995