Am I doing something wrong here? Or is google making this extra complicated? The google authenticator says to Scan a QR code or Enter a setup key. I want to add that code to the authenticator so I can use 2FA to protect my account. And then on my smart phone that I don't have it connected to the internet. I want to get my code to protect my google account. What's the point of having to login into my google account from my computer. I would have to log out of my computer account. I should be able to get a 2FA code from my computer to put into my google authenticator. Now it's asking me to login onto my phone. Now for some reason, I'm already logged into my account on my computer. When I go to my google account on my computer. To unsync Authenticator from your Google account, select the account icon and choose the “Use Authenticator without an account” option. Here is the issue. However, the option to use the app offline will remain an alternative for those who prefer to manage their backup strategy themselves,” he added. “Right now, we believe that our current product strikes the right balance for most users and provides significant benefits over offline use. With RSA Conference underway, that’s not wholly unexpected. Christiaan Brand, Product Manager at Google, says that the company plans to offer E2EE for Google Authenticator “down the line.” We’ve reached out to Google to get those questions answered, but haven’t heard back yet. As things stand, from a security and privacy perspective, this is a handy option that seems to have been poorly implemented. It would be nice to know how Google handles the backed up codes and if there’s an “un-sync” option as well. They also noted that when you ask Google to export data associated with your account, the 2FA secrets are not included in the download. Not all attackers are external, after all. In theory, malicious insiders may access a target’s account and sync the codes to another device.
Security researchers with Mysk also pointed out that the backed up codes are not end-to-end (E2E) encrypted, meaning that Google can access them. They would then just need to phish or guess the passwords – or buy them online if they’ve been compromised in a previous breach and not changed. They would then also know the usernames for those accounts, as they are used to distinguish the 2FA codes for each service. If you do though, and a hacker gains access to your Google account, they may connect a device on their own to it and sync those backed up codes to it. The new cloud sync feature is optional: you can still use Google Authenticator without logging in to your Google account, and your 2FA codes will remain on your device exclusively. Security and privacy-related observations Microsoft Authenticator also has the encrypted backup/sync option. They can later be seamlessly synced to a new device once the Google Authenticator app is installed on it and connected to the users’ Google account. A similar or same feature is already available in other popular authentication apps. For example, Authy encrypts and stores users’ 2FA codes in the cloud, and Raivo OTP allows users to export their one-time passwords to encrypted ZIP archives and to sync them (encrypted) with their Apple iCloud. They will then be prompted to sign in to their Google account so their Authenticator can automatically back up the codes to it. Users of the app must first update it to v6.0 on Android and 4.0 on iOS. How to back up your Google Authenticator codes This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security,” Brand added. “With this update we’re rolling out a solution to this problem, making one time codes more durable by storing them safely in users’ Google Account.
“Since one time codes in Authenticator were only stored on a single device, a loss of that device meant that users lost their ability to sign in to any service on which they’d set up 2FA using Authenticator,” said Christiaan Brand, Group Product Manager at Google. Google has updated Google Authenticator, its mobile authenticator app for delivering time-based one-time authentication codes, and now allows users to sync (effectively: back up) their codes to their Google account. Before this update, losing one’s mobile device with Google Authenticator on it created many problems for end users and enterprise IT departments.