Quick News Bit

Google Authenticator sync lacks end-to-end encryption, but Google is working on it


Google finally added a great feature to Google Authenticator, support for account syncing, which will save you a lot of trouble along the way. You won’t have to worry as much about a lost or stolen smartphone, and upgrading your iPhone and Android handset will be even easier. But Google Authenticator account sync lacks a major security feature: End-to-end encryption (E2EE).

Since Google Authenticator holds your two-factor authentication (2FA) keys for various key services, data encryption sounds like a no-brainer. And the app does encrypt data while in transit, but it’s not end-to-end encryption. Google is fixing the issue down the line, however.

Soon after Google announced account syncing for Google Authenticator data, security researchers discovered that the feature doesn’t support end-to-end encryption.

That sounds like a big security issue that could prevent you from taking advantage of the account syncing convenience. If you worry about the lack of full encryption, you might very well postpone syncing until Google rolls out end-to-end encryption support.

But Google Authenticator data should be secure. The data between your devices and Google’s server is encrypted in transit. The only problem is that a data breach involving a Google account would also jeopardize the security of 2FA codes.

Google product manager Christiaan Brand addressed the matter on Twitter. He revealed that support for end-to-end encryption is coming.

“We’re always focused on the safety and security of @Google users, and the newest updates to Google Authenticator was no exception. Our goal is to offer features that protect users, BUT are useful and convenient,” Brand said.

“We encrypt data in transit, and at rest, across our products, including in Google Authenticator. E2EE is a powerful feature that provides extra protections, but at the cost of enabling users to get locked out of their own data without recovery.”

The exec also said that Google started rolling out optional end-to-end encryption in some products, and Google Authenticator will follow.

“Right now, we believe that our current product strikes the right balance for most users and provides significant benefits over offline use,” Brand added. “However, the option to use the app offline will remain an alternative for those who prefer to manage their backup strategy themselves.”

Using the app offline means not signing into your Google account from Authenticator until E2EE rolls out.

As for the actual end-to-end encryption’s arrival, you’ll have to prepare to create strong recovery keys and store them somewhere safe. But we’ll cross that bridge when we get there. Brand hasn’t offered an actual timeline for Google Authenticator getting end-to-end encryption.
