This past week, we saw tech giant Google launch an ability of its Authenticator to sync 2FA codes to users’ accounts. But that came with another shocking finding on how this feature isn’t E2E encrypted.
We were just as baffled and curious as many others in the tech world but it appears like the Android maker is finally coming out clean about why it made the decision to go with this.
The news comes as the security experts at Mysk laid down how such a shortcoming could be very serious and give rise to the ability to copy users’ 2FA codes. It was a genuine complaint and those who are very uptight about security and privacy mentioned how they can’t trust Google or any other third party to not attain access to their data.
They wished the tech giant would rethink the endeavor and alter it in a manner where nobody but them could attain access to such codes by including E2E encryption with another passcode that they know of.
But today, Google explained how the main purpose behind such new sync features is to offer an array of things that provide protection and are super convenient and useful. It’s a hugely powerful feature and sets out extra protections but one downside does exist.
So many users may end up getting locked from their own data without a chance for recovery because if they lose the password for Google accounts, it’s like losing another security layer.
For those who might not be aware, the company’s password manager is designed to provide on-device encryption that converts the device into a certain key that is designed to lock passwords before they get saved into the password manager. But if you lose the key, you lose all of the passwords for this as well.
Google says it has a lot of plans in store to offer the End-to-End for the Authenticator, later on. But for now, it keeps sending out reminders that they are fully allowed to make use of the app without the syncing feature to their respective accounts online.
Furthermore, the leading search engine giant says that it only encrypts users’ data in a transit manner while the rest for Google Products and the Authenticator needs to work out.
We also like to mention that those having the Authenticator set up on a number of their devices need to be so careful while carrying out updates for the latest version and when allowing for sync. Since the system doesn’t identify identical codes so could merge them automatically. Hence, what you end up with is duplicates.
Read next: Google Witnesses Back To Back Decline In Its Digital Ad Revenue As AI Threatens Its Dominance In Search
We were just as baffled and curious as many others in the tech world but it appears like the Android maker is finally coming out clean about why it made the decision to go with this.
The news comes as the security experts at Mysk laid down how such a shortcoming could be very serious and give rise to the ability to copy users’ 2FA codes. It was a genuine complaint and those who are very uptight about security and privacy mentioned how they can’t trust Google or any other third party to not attain access to their data.
They wished the tech giant would rethink the endeavor and alter it in a manner where nobody but them could attain access to such codes by including E2E encryption with another passcode that they know of.
But today, Google explained how the main purpose behind such new sync features is to offer an array of things that provide protection and are super convenient and useful. It’s a hugely powerful feature and sets out extra protections but one downside does exist.
So many users may end up getting locked from their own data without a chance for recovery because if they lose the password for Google accounts, it’s like losing another security layer.
For those who might not be aware, the company’s password manager is designed to provide on-device encryption that converts the device into a certain key that is designed to lock passwords before they get saved into the password manager. But if you lose the key, you lose all of the passwords for this as well.
Google says it has a lot of plans in store to offer the End-to-End for the Authenticator, later on. But for now, it keeps sending out reminders that they are fully allowed to make use of the app without the syncing feature to their respective accounts online.
Furthermore, the leading search engine giant says that it only encrypts users’ data in a transit manner while the rest for Google Products and the Authenticator needs to work out.
We also like to mention that those having the Authenticator set up on a number of their devices need to be so careful while carrying out updates for the latest version and when allowing for sync. Since the system doesn’t identify identical codes so could merge them automatically. Hence, what you end up with is duplicates.
Read next: Google Witnesses Back To Back Decline In Its Digital Ad Revenue As AI Threatens Its Dominance In Search
