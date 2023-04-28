



After a security researcher criticized Google for not including end-to-end encryption in its Authenticator account sync update, the company announced “plans to offer E2EE” in the future. Google Products his manager Christiaan Brand wrote on his Twitter: “However, the option to use the app offline remains an alternative for those who prefer to manage their backup strategy themselves.” The Verge report: Earlier this week, Google Authenticator finally asked users to put his two-factor authentication code on Google. We started offering the option to sync with your account. This makes signing into your account on new devices much easier. While this is a welcome change, it also raises security concerns because if a hacker breaks into someone’s Google account, they could potentially gain access to a pile of other accounts as a result. If you do, hackers and other third parties, including Google, cannot see this information.

Security researcher Mysk highlighted some of these risks in a Twitter post, stating, “If a data breach occurs or someone gains access to your Google account, all of your 2FA secrets will be at risk.” pointed out. They added that Google may use information linked to accounts to serve personalized ads, and advised users not to use sync features until they support E2EE. Contending, Google encrypts “data in transit and at rest across our products, including Google Authenticator,” but E2EE enforcement “does not allow users to lock out their data unencrypted.” There is a price to pay,” he said. recovery. ”

