Concerns Raised Over Google’s New 2-Factor Authenticator

Crypto traders are growing alarmed about a new update to Google’s 2-factor authenticator app. Critics say it puts your crypto at risk.

Google has recently released an update to its Authenticator app. Its product, which is used for 2-factor authentication (2FA) across a variety of sites and services, is one of the most popular on the market.

Crypto Experts React

The update allows for the safe backup of one-time codes (OTPs) to a user’s Google account. This addresses a long-standing issue with the app where a loss of the device with the Authenticator installed would mean the loss of access to all 2FA-enabled services.

However, a second concern has been raised by two cybersecurity experts. The traffic during sync between devices is not encrypted. This allows Google to view the secrets and seeds stored on their servers. If there’s a data breach or someone gains access to the Google account, all 2FA secrets could be compromised. Google can also see which online services users use, which could be used for personalized ads.

While this update may strike some as a convenience, it has also raised concerns about cloud synchronization and the potential for increased security risks.

Many crypto exchanges will require users to set up 2FA to access their accounts or withdraw funds. Digital wallet providers may also require users to use 2FA to access their wallets or to send funds.

Critics are worried the update will make crypto traders’ assets more vulnerable.

OTP Cloud Storage

The primary concern is that the update makes it easier for hackers to access 2FA-enabled services. Since the OTPs are now stored in a user’s Google account, a hacker who gains access to the account could potentially access all services using Google’s 2-factor Authenticator app. While using strong passwords and other security measures can mitigate the risk, it is still a cause for concern.

Google has noted that this feature is optional and can be turned off if users prefer not to use cloud synchronization. Additionally, users can have a separate device for their authentication app, with no other apps or data stored on it. This will also help curb your security risk.