Security and privacy-related observations

Microsoft Authenticator also has the encrypted backup/sync option. They can later be seamlessly synced to a new device once the Google Authenticator app is installed on it and connected to the users’ Google account.

A similar or same feature is already available in other popular authentication apps. For example, Authy encrypts and stores users’ 2FA codes in the cloud, and Raivo OTP allows users to export their one-time passwords to encrypted ZIP archives and to sync them (encrypted) with their Apple iCloud.

They will then be prompted to sign in to their Google account so their Authenticator can automatically back up the codes to it. Users of the app must first update it to v6.0 on Android and 4.0 on iOS.

How to back up your Google Authenticator codes

This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security,” Brand added. “With this update we’re rolling out a solution to this problem, making one time codes more durable by storing them safely in users’ Google Account. “Since one time codes in Authenticator were only stored on a single device, a loss of that device meant that users lost their ability to sign in to any service on which they’d set up 2FA using Authenticator,” said Christiaan Brand, Group Product Manager at Google. “The app developer should not be able to read the content of the data.”

Google has updated Google Authenticator, its mobile authenticator app for delivering time-based one-time authentication codes, and now allows users to sync (effectively: back up) their codes to their Google account.

Before this update, losing one’s mobile device with Google Authenticator on it created many problems for end users and enterprise IT departments. “Since 2FA apps deal with secrets, the only secure way to sync data across devices is by using end-to-end encryption,” Mysk says.
The encryption method ensures the companies can’t see the contents of your sign-in codes. “Google Authenticator doesn’t send this sort of data.”

Despite adding more convenience, it doesn’t appear that either Google or Microsoft’s authentication apps back up people’s 2FA sign-in codes using end-to-end encryption when they are synced. “Most apps, including Microsoft Authenticator, send behavioral analytics-that is, how users use the apps and where they tap,” Mysk says. In terms of data the apps collect, Mysk says Google’s Authenticator performs “very well” and doesn’t share details of QR codes with Google. For example, Microsoft’s sync doesn’t work between iOS and Android devices, making it harder to switch operating systems and take your 2FA codes with you. Mysk says that there are security and privacy limitations to the major 2FA apps. Tommy Mysk, an app developer and security researcher who runs the software company Mysk, has tested multiple 2FA apps and found rogue apps available to download. Google spokesperson Kimberly Samra says “that risk is much smaller than that you lose your device, no longer have your OTPs, and then the service has to use a much weaker mechanism for allowing you to log in.”

There is also the option to keep using Google Authenticator without logging in to a Google account.

For instance, if someone gains access to your Google account, they may also be able to access your 2FA codes for your other online accounts. When I downloaded Authenticator on my iPad after setting up sync on my phone, the codes appeared once I had logged in. Authenticator gives you the option to use the app with your Google login, and if you select this option, your Google profile will show in the top right corner of the app, next to a sync icon. Syncing your Google Authenticator codes now happens through your Google account-the feature is available on the latest iOS and Android versions of Google’s app.
“This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security.” Brand says the sync feature has been one of the most requested since the Authenticator app was released in 2010. “Since one-time codes in Authenticator were only stored on a single device, a loss of that device meant that users lost their ability to sign in to any service on which they’d set up 2FA using Authenticator,” Christiaan Brand, a group product manager at Google, wrote in a blog post announcing the change.