Connect with us

News

Will Google’s plan to link Authenticator to Accounts increase security risk?

Published

on

Google Authenticator is a recognized two-factor authentication application that enables internet users to secure their online accounts. On the 25th of April, Google announced an update that would allow users to sync their Authenticator accounts across multiple devices, which led to concerns from security researchers about the app’s lack of end-to-end encryption (E2EE).

In response to these concerns, Google product manager Christiaan Brand stated on Twitter that the company has plans to offer E2EE in the future. While no specific timeline was provided, this announcement is a positive development for the security of Google Authenticator and its users.

https://twitter.com/christiaanbrand/status/1651279648519774209?t=Z7pV99s7hKFrm0-e17hi8A&s=19

End-to-end encryption is a security feature that ensures data confidentiality and security throughout the transmission process by encrypting it at the source and only decrypting it at the destination. This function is especially important in authentication apps like Google Authenticator that hold sensitive user information.

Syncing two-factor authentication tokens with Google accounts is now an option for users, which makes it much simpler to sign into accounts on new devices. This is a welcome and beneficial update to the app. However, it also raises some security issues because hackers who are successful in accessing one Google account might possibly do the same to multiple other accounts. 

On the other hand, if the app functionality features E2EE, it would be difficult for hackers and other third parties, including Google to see information

Mysk, a security researcher, pointed out some of these flaws in a Twitter post, stating that if a user’s Google Account is compromised or there is a data breach, an attacker could potentially gain access to the user’s Google Authenticator codes, rendering the 2FA method ineffective. This is because the codes are stored locally on the user’s device and are not synced to the cloud or backed up.

While Google is yet to disclose how the E2EE functionality will be implemented, it is likely that the upgrade would include the use of a secure key or passcode that only the user has access to. Users are left with the option of using the feature without using E2EE.

 

Read Also: What is the Wakanda Inu NFT Raffle & how to participate 

0 0 votes
Article Rating
Advertisement Earnathon.com
1 Comment
0 0 votes
Article Rating
Subscribe
Notify of
guest

1 Comment
Oldest
Newest Most Voted
Inline Feedbacks
View all comments

Crypto News Update

Latest Episode on Inside Blockchain

Crypto Street

Advertisement



Trending

ALL Sections

Recent Posts

1
0
Would love your thoughts, please comment.x
()
x