Google has released an update to its popular authenticator app that stores “one-time codes” in cloud storage. This allows users who lose their authenticator-equipped device to maintain access to two-factor authentication (2FA).
In an April 24 blog post announcing the update, Google said the one-time codes would be stored in users’ Google accounts, claiming that users would be “better protected against lockouts” and that it would provide “convenience and security.”
In an April 26 Reddit post on the r/Cryptocurrency forum, Redditor u/pojut wrote that while the update helps those who lose the device holding their authenticator app, it also makes them more vulnerable to hackers.
Because the codes are kept in cloud storage associated with a user’s Google account, anyone with access to the user’s Google password will have full access to the apps linked to the authenticator.
A user suggested using an old phone that is only used to store an authenticator app as a way to avoid problems with SMS 2FA.
“Also, if possible, I highly recommend having another device (perhaps an old phone or an old tablet) whose only purpose in life is to use for your authenticator app of choice. Nothing else. Do not use it for any other purpose.”
Likewise, cybersecurity developers Mysk took to Twitter to warn of the additional complexities that come with Google’s cloud storage-based solution to 2FA.
Google has updated its 2FA Authenticator app with a long-awaited feature: the ability to sync secrets across devices.
TL;DR: Don’t turn it on.
A new update allows users to sign in with their Google account and sync 2FA secrets across iOS and Android devices. … pic.twitter.com/a8hhelupZR
— Mysk (@mysk_co) April 26, 2023
This could prove to be a significant concern for users who use Google Authenticator for 2FA to log into their crypto exchange accounts and other finance-related services.
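The following is an added example, not code from the article or from Google. It shows why a synced secret is the second factor itself: under the standard TOTP scheme (RFC 6238), a code depends only on the shared secret and the clock, so a device restored from the cloud copy passes the same server check as the original phone. The secret, the `CLOUD_BACKUP` store and the `exchange.example` label are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(time / step)."""
    # Secrets are usually exchanged as base32, often without padding.
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    return hotp(base64.b32decode(padded), unix_time // step, digits)

def verify(secret_b32: str, submitted: str, unix_time: int, window: int = 1) -> bool:
    """Server-side check: accept codes up to `window` steps either side of now."""
    for drift in range(-window, window + 1):
        t = unix_time + drift * 30
        if t >= 0 and hmac.compare_digest(totp(secret_b32, t), submitted):
            return True
    return False

# Constructed sample secret: the RFC 6238 test key "12345678901234567890".
ENROLLED_SECRET = base64.b32encode(b"12345678901234567890").decode()
# Constructed stand-in for the synced store: account label -> base32 secret.
CLOUD_BACKUP = {"exchange.example": ENROLLED_SECRET}

def login_from_restored_device(unix_time: int) -> bool:
    """A device that only ever saw the cloud copy passes the server's check."""
    restored = CLOUD_BACKUP["exchange.example"]
    code = totp(restored, unix_time)
    # The server cannot tell which device computed the code.
    return verify(ENROLLED_SECRET, code, unix_time)

if __name__ == "__main__":
    now = 59  # fixed timestamp from the RFC 6238 test vectors
    print("code on original phone: ", totp(ENROLLED_SECRET, now))
    print("restored device accepted:", login_from_restored_device(now))
```

The practical consequence for defenders is that the Google account holding the synced secrets needs protection at least as strong as the accounts those secrets guard.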
The most common 2FA hack is a form of identity fraud known as “SIM swapping,” in which scammers trick a telecom provider into linking a victim’s phone number to a SIM card the scammers control, giving them control over that phone number.
A recent example of this can be seen in the lawsuit filed against US-based cryptocurrency exchange Coinbase. A customer claimed to have lost “90% of his savings” after falling victim to such an attack.
Notably, Coinbase itself encourages the use of authenticator apps for 2FA instead of SMS, describing SMS 2FA as the “least secure” form of authentication.
I believe his password was compromised because it was used on another site, one of which was compromised. Coinbase also labels his Authenticator app for his 2FA as “secure” and recommends labeling SMS as “moderately secure.”
— Dave Ferguson (@_sc0rn) March 7, 2023
On Reddit, users discussed the lawsuit and even proposed banning SMS 2FA, although one Reddit user said it is currently the only authentication option available for many fintech and cryptocurrency-related services.
“Unfortunately, many services I use do not yet offer Authenticator 2FA. However, the SMS approach has proven to be insecure and I am convinced it should be banned.”
Blockchain security company CertiK has warned about the dangers of using SMS 2FA, and its security expert Jesse Leclere told Cointelegraph: