Google Authenticator Cloud Sync Feature Lacks End-to-End Encryption

Google has launched a new feature to its Google Authenticator app called Cloud Sync, which allows users to sync their two-factor authentication (2FA) tokens across various devices. While this was a much-anticipated innovation, it lacks end-to-end encryption (E2EE), leaving users susceptible to possible security breaches.

Mysk security researcher discovered that Google Authenticator information was not end-to-end encrypted when syncing between devices, making it easy for attackers to access this information and control the 2FA code. Additionally, QR codes for 2FA usually contain other information, such as account name and service name, which Google can see, potentially using this information for personalized advertising.

However, Google has acknowledged users’ concerns and stated that it would add E2EE to future versions of Google Authenticator. Google Group Product Manager Christiaan Brand said they are careful to roll out this feature in their products, as E2EE can lock users out of their data.

While Google Authenticator encrypts data in transit and at rest, users should be cautious when using the sync feature and consider using the app without signing in or syncing secrets. Additionally, Google already offers E2EE in some services, such as Google Chrome, where users can set a passphrase to encrypt data synced with their Google account.

The convenience of syncing 2FA codes across devices comes at the cost of privacy, but Google is taking steps to address this issue and prioritize user security and safety. Users need to stay informed about the security features of their online accounts and take necessary precautions to protect their personal information.

Vishak is a skilled Content Editor at TechLog360 with a passion for technology. He has a keen eye for the latest trends and advancements in the field of technology. He specializes in creating engaging and informative content on a range of technology-related topics, including the latest hardware news, app reviews, games, smartphones, and much more. He stays up to date with the latest news and breakthroughs in these areas and delivers insightful articles and blog posts that help readers stay informed and engaged.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More from this stream