Premium
This is an archive article published on April 27, 2023

Why you shouldn’t use Google Authenticator 2FA code cloud backup feature

Google recently added a new feature to its Authenticator app that lets users backup their 2FA codes to the cloud.

google-preferred-btn
Google Authenticator | Google Authenticator 2FA cloud backup | Google Authenticator 2FA code backupGoogle Authenticator has over 100 million installs on the Play Store. (Image Source: Google Play Store)
Listen to this article
Why you shouldn’t use Google Authenticator 2FA code cloud backup feature
x
00:00
1x 1.5x 1.8x

Google Authenticator is one of the most popular authentication apps with over  100 million installs on the Google Play Store. Earlier this week, Google updated the app with a new feature that allows users to back up their one-time passwords to their Google accounts.

Authenticator apps let users generate one-time passwords for two-factor authentication and offer more protection compared to other methods like SMS-based 2FA, which are susceptible to SIM swap attacks and hackers. To give you a quick recap,two-factor authentication adds an extra layer of security by generating a one-time password in addition to your regular password.

For years, Google Authenticator users have complained about not being able to back up their 2FA codes to the cloud and lack of multi-device support. This meant that if you lost or reset your device, you would lose access to all 2FA configurations which made it hard for many to regain access to their accounts.

Also Read | Twitter is taking away two-factor authentication from March 20, here’s how to secure your account

Since Google rolled out the ability to backup 2FA codes to the cloud, security researchers at Mysk have found out that when the codes are uploaded to cloud servers, the traffic is not end-to-end encrypted. Moreover, there is no option to add a passphrase to protect these codes, meaning hackers who intercept the network traffic will be able to see all your codes.

According to a report by BleepingComputer, Google will be adding end-to-end encryption to the app support in the future. Until then, we recommend users avoid using the 2FA code cloud backup feature.

© IE Online Media Services Pvt Ltd
Latest Comment
Post Comment
Read Comments
Advertisement
Top Stories
Tata director admits: Breaking consensus got us unwelcome publicity, govt’s attention
Express ExclusiveTata director admits: Breaking consensus got us unwelcome publicity, govt’s attention
Set in an unspecified bygone era, Dinjith Ayyathan and Bahul Ramesh's Eko analyses, politicises, and problematises the idea of "protection" in a deep yet highly engaging manner.
EntertainmentEko: Dinjith Ayyathan pulls off a KG George; uses ecofeminism to show how men restrict women under the guise of protection
On November 1, the paan seller reached jeweller Mahesh Verma’s shop carrying the two sacks.
Trending'True love’: Kanpur paan seller collects Rs 1 lakh in coins for years to surprise wife with gold chain
India ODI squad South Africa
SportsIndia's ODI squad for South Africa: Ruturaj, Tilak, Rishabh – a chance to impress, but breaking into this batting order won't be easy
macaulay education
OpinionThe colonial mindset
Live Blog
Loading Taboola...
Advertisement