Google Authenticator Cloud Sync Feature Lacks End-to-End Encryption

Google has added a new feature to its Google Authenticator app called Cloud Sync, which allows users to sync their two-factor authentication (2FA) tokens across various devices. While this was a much-anticipated addition, it lacks end-to-end encryption (E2EE), leaving users susceptible to possible security breaches.

Security researchers at Mysk discovered that Google Authenticator data is not end-to-end encrypted when it syncs between devices, making it easy for attackers to access this information and generate the 2FA codes. Additionally, QR codes for 2FA usually contain other information, such as the account name and service name, which Google can see and could potentially use for personalized advertising.
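To make concrete what such a QR code holds, the following added example (not code from the article, Mysk or Google) parses the `otpauth://` key URI format commonly encoded in 2FA QR codes and computes a code from the secret alone, as specified in RFC 6238. The URI, issuer and account are constructed sample values, and the secret is the public RFC 6238 test key.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlparse, parse_qs, unquote

# Constructed sample; the secret is the public RFC 6238 test key, not a real account.
SAMPLE_URI = ("otpauth://totp/ExampleBank:alice%40example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=ExampleBank")

def parse_otpauth(uri):
    """Return the fields an authenticator app stores for one scanned QR code."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc not in ("totp", "hotp"):
        raise ValueError("not an otpauth key URI")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    if "secret" not in q:
        raise ValueError("key URI has no secret")
    label = unquote(u.path.lstrip("/"))
    prefix, sep, account = label.partition(":")
    if not sep:                      # label without an "Issuer:" prefix
        prefix, account = "", label
    return {"type": u.netloc, "issuer": q.get("issuer", prefix),
            "account": account, "secret": q["secret"]}

def totp(secret_b32, now, digits=6, period=30):
    """RFC 6238 TOTP (HMAC-SHA1): the secret and the clock are the only inputs."""
    pad = "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(secret_b32.upper() + pad)
    counter = struct.pack(">Q", int(now) // period)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    off = mac[-1] & 0x0F             # dynamic truncation offset
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

if __name__ == "__main__":
    entry = parse_otpauth(SAMPLE_URI)
    # Every field below is readable by any party that holds the record in
    # plaintext; with E2EE only the user's devices could decrypt it.
    for name, value in entry.items():
        print(f"{name:8} {value}")
    print("code at t=59:", totp(entry["secret"], 59))
```

The secret never changes after enrollment, so a copy of the stored record yields valid codes until the account is re-enrolled with a new secret.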

However, Google has acknowledged users’ concerns and stated that it would add E2EE to future versions of Google Authenticator. Google Group Product Manager Christiaan Brand said the company is careful about rolling out this feature in its products, as E2EE can lock users out of their data.

While Google Authenticator encrypts data in transit and at rest, users should be cautious when using the sync feature and consider using the app without signing in or syncing secrets. Additionally, Google already offers E2EE in some services, such as Google Chrome, where users can set a passphrase to encrypt data synced with their Google account.

The convenience of syncing 2FA codes across devices comes at the cost of privacy, but Google is taking steps to address this issue and prioritize user security and safety. Users need to stay informed about the security features of their online accounts and take necessary precautions to protect their personal information.

Meet Vishak, TechLog360's Content Editor and tech enthusiast. With a Computer Science degree and a passion for all things tech, Vishak delivers the latest in hardware, apps, and games with expertise. Trusted for his in-depth reviews and industry insights, he's your guide to the digital world. Off-duty, he's exploring photography and virtual gaming landscapes.

