Google's Authenticator Update Raises Security Concerns (2024)

Google has published an update to its Authenticator app that stores a "one-time code" in cloud storage. The update is part of the company's effort to help customers keep access to their two-factor authentication (2FA) codes. Users who have lost the device that held their authenticator can still access their two-factor authentication using this code. Storing one-time codes in a user's Google Account, as Google recommends, is said to improve both convenience and security and to protect users from being locked out of their accounts. However, the approach has raised security concerns among some users.

In a post on the r/Cryptocurrency forum, user u/pojut pointed out that keeping one-time codes in cloud storage tied to the user's Google account might make users more susceptible to attacks from cybercriminals. If a hacker were to obtain the user's Google password, they would gain complete access to all of the user's authenticator-linked applications. As a workaround, u/pojut recommended using an old phone dedicated solely to housing the authenticator app.

The developers of cybersecurity software known as Mysk have also warned on Twitter about the additional risks of Google's cloud storage-based approach to two-factor authentication (2FA). Users who rely on Google Authenticator as a second factor for logging in to cryptocurrency exchange accounts and other finance-related services may find this a substantial cause for concern. 2FA is vulnerable to a variety of attacks, the most prevalent of which is known as "SIM swapping." This kind of identity theft allows scammers to take control of a phone number by deceiving a telecom operator into associating the number with their own SIM card.

A recent example is a lawsuit filed against the cryptocurrency exchange Coinbase, which is based in the United States. In the case, a customer claimed that he had lost "90% of his life savings" after falling victim to such an attack. Notably, Coinbase itself recommends using authenticator applications for two-factor authentication rather than receiving a verification code by text message. The company calls SMS two-factor authentication the "least secure" type of authentication.

The update to Google Authenticator may benefit users who have lost access to their authenticator app, but it has left some users concerned about the service's security. Storing one-time codes in cloud storage exposes users to cybercriminals who, if they discover the user's Google password, could acquire complete access to all of the user's authenticator-linked applications. Users who rely on Google Authenticator for two-factor authentication should take precautions, such as installing their authentication app on a separate device and avoiding SMS-based two-factor authentication.


FAQs

What are the security issues with Google Authenticator?

In 2020, Android malware was found stealing one-time passwords from Google Authenticator. The lack of additional security layers has also been noted, specifically the absence of passcode or biometric protection on the app, which raises the risk to organizations if a device is lost or stolen and then compromised.

Why avoid Google Authenticator?

Backup is cumbersome.

Also, services often offer reserve codes instead of explicitly suggesting that you save the secret. If you lose your secret and log in with a reserve code, you will have to redo the entire TOTP registration process. Backup codes are sent online, which is often insecure.

Why is Google forcing 2 step verification?

Signing in with both a password and a second step on your phone protects against password-stealing scams. Even if someone gets your password online, they won't also have your phone.

How do I fix Google Authenticator error?

Resolution
  1. Open Google Authenticator app on your mobile.
  2. At the top-right corner, click on the action (three-dot) icon.
  3. Click on Settings from the drop-down.
  4. Choose Time Correction for Codes.
  5. Select Sync Now.
  6. Check whether the Two Factor Authentication is working or not.
  7. Open Settings on your mobile.

Can Google Authenticator be compromised?

Since the code is valid for just 30 seconds, hackers don't have much time to use it. It's impossible to recover a secret key from a one-time code, so even if the code is intercepted, attackers won't be able to clone the authenticator.

Is it safe to use Google Authenticator app?

Google encrypts Authenticator codes both in transit and at rest across our products. This means that your codes remain encrypted in our systems and protected from any potential bad actors.

Is Google Authenticator safe in 2024?

A dependable option in the realm of two-factor authentication (2FA), Google Authenticator continues to be a reliable choice for securing your accounts. Its simplicity and ease of use make it a favorite among users who value straightforward functionality without unnecessary frills.

What happens if I uninstall Google Authenticator?

You lose access to the seed database on your device so you won't be able to use TOTP authentication with the sites that you have enrolled for. Removing Google Authenticator does not affect sites on which you have enabled two factor authentication.

What is better than Google Authenticator?

Other important factors to consider when researching alternatives to Google Authenticator include security. The best overall Google Authenticator alternative is LastPass. Other similar apps like Google Authenticator are 1Password, Cisco Duo, Auth0 by Okta, and Ping Identity.

Can you opt out of Google two-factor authentication?

Manage your Google Account.

At the top, tap Security. Under "How you sign in to Google," tap 2-Step Verification. You might need to sign in. Tap Turn off.

Why is Google suddenly asking for verification?

To help protect you from abuse, we sometimes ask you to prove you're not a robot before you can create or sign in to your account. This extra confirmation by phone helps keep spammers from abusing our systems. Tip: To verify your account, you need a mobile device.

Did Google automatically turn on 2-Step Verification?

Note: If you sign in to your Google Account on any eligible phone, Google prompts is added as a method for 2-Step Verification automatically.

What's wrong with Google Authenticator?

Incorrect date and time settings: If the device's date and time settings are incorrect, it can cause synchronization issues with the Google authentication system.

Why is Google authentication failing?

Problems logging into your account

The most common cause of 2-factor authentication problems is that the time on your Google Authenticator app is not synced correctly.

How do I get Google Authenticator to work again?

As long as you've updated Google Authenticator and it's connected to your Google account, you can restore Authenticator from the cloud. If you aren't backing up Authenticator, you can manually transfer your accounts to a new device or restore using your QR code.

Can Google Authenticator be trusted?

The Google Authenticator 2FA app is only secure if you enable Privacy Screen and build in a reliable backup. The most secure 2FA method uses a physical security key, but for a free option, authenticator apps are recommended over text message-based 2FA, which is vulnerable to SIM swap attacks.

What are the security issues with 2 factor authentication?

2FA can be vulnerable to several attacks from hackers because a user can accidentally approve access to a request issued by a hacker without acknowledging it.

How secure is the authenticator app?

Authenticator apps generate 2FA codes locally on a device, rather than sending them unencrypted over text message. The 2FA codes in authenticator apps also change every 30 to 60 seconds, which makes them difficult for cybercriminals to steal.
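
The time-step behaviour behind the answers above (codes valid for about 30 seconds, failures when the phone clock is not synced), as an added example that is not part of the original page: a minimal RFC 6238 TOTP generator and verifier in Python using the common authenticator defaults (HMAC-SHA1, 6 digits, 30-second step). The secret is the RFC 6238 test key, and the one-step acceptance window is an assumption about a typical verifier, not a documented Google setting.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code stays current
DIGITS = 6   # code length shown by the app
# Constructed sample: the RFC 6238 test key "12345678901234567890" in base32.
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int) -> str:
    """Code for the 30-second step containing unix_time (HMAC-SHA1)."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, code: str, server_time: int, window: int = 1):
    """Return the step offset that matched, or None if the code is rejected.

    window=1 (assumed here) accepts the previous, current and next step.
    """
    for skew in range(-window, window + 1):
        expected = totp(secret_b32, server_time + skew * STEP)
        if hmac.compare_digest(expected, code):
            return skew
    return None


def clock_drift_demo(server_time: int = 1234567890) -> dict:
    """Show how phone clock error changes the verifier's decision."""
    results = {}
    for label, drift in (("in sync", 0), ("20 s slow", -20), ("90 s slow", -90)):
        phone_code = totp(RFC_SECRET, server_time + drift)
        results[label] = verify(RFC_SECRET, phone_code, server_time)
    # A code captured now is rejected once its window has passed.
    captured = totp(RFC_SECRET, server_time)
    results["replayed after 120 s"] = verify(RFC_SECRET, captured, server_time + 120)
    return results


if __name__ == "__main__":
    for case, outcome in clock_drift_demo().items():
        print(f"{case:>22}: {'accepted' if outcome is not None else 'rejected'}")
```

Every code is a function of the shared secret and the current time step only, so any device or synced copy holding the same secret computes identical codes. That is why the storage location of the secret matters more than the short lifetime of each code.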

Why is 2FA no longer safe?

Even if the user doesn't respond to a push login request or doesn't enter a One-Time Password (OTP) when prompted, a hacker still knows they have a working password now. How? Because the delay for the denied message takes longer... Most of us know where this is going; the hacker is persistent in their login attempts.

Article information

Author: Ray Christiansen
