In short, the network traffic used to sync the secrets in Google Authenticator is not end-to-end encrypted. The top 6 enterprise VPN solutions to use in 2023ĮY survey: Tech leaders to invest in AI, 5G, cybersecurity, big data, metaverseĮlectronic data retention policy (TechRepublic Premium) Google offers certificate in cybersecurity, no dorm room required What is the security vulnerability in Google’s 2FA? Must-read security coverage However, the new syncing feature came with a major flaw. This is a “much-needed” feature, Mysk said, as it makes it easier to get back into an account even if you can’t access the device on which you originally logged in. The change came about when Google enabled its 2FA Authenticator app to sync credentials across different devices. On Android and iOS devices, users can sync 2FA credentials to log into various services such as social media. What does the update bring to Google’s Authenticator app?
How to use the Google Authenticator app safely.What does the update bring to Google’s Authenticator app?.Google Group Product Manager, Identity and Security Christiaan Brand tweeted that the Authenticator app shipped as intended. Mysk discovered a flaw in the feature in which “secrets” or credentials shared across devices are not end-to-end encrypted this could allow attackers or Google to view those credentials. On April 25, security researchers Tommy Mysk and Talal Haj Bakry, who are known collectively on Twitter as Mysk, warned users of Google’s Authenticator 2FA app to not turn on a new syncing feature. Google’s 2FA app update lacks end-to-end encryption, researchers findĭata synced between devices with the new Google Authenticator app update could be viewed by third parties.
0 kommentar(er)
