![]() “The app developer should not be able to read the content of the data. “Since 2FA apps deal with secrets, the only secure way to sync data across devices is by using end-to-end encryption,” Mysk says. ![]() The encryption method ensures the companies can’t see the contents of your sign-in codes. “Google Authenticator doesn’t send this sort of data.”ĭespite adding more convenience, it doesn’t appear that either Google or Microsoft’s authentication apps back up people’s 2FA sign-in codes using end-to-end encryption when they are synced. “Most apps, including Microsoft Authenticator, send behavioral analytics-that is, how users use the apps and where they tap,” Mysk says. In terms of data the apps collect, Mysk says Google’s Authenticator performs “very well” and doesn’t share details of QR codes with Google. For example, Microsoft’s sync doesn’t work between iOS and Android devices, making it harder to switch operating systems and take your 2FA codes with you. Mysk says that there are security and privacy limitations to the major 2FA apps. Tommy Mysk, an app developer and security researcher who runs the software company Mysk, has tested multiple 2FA apps and found rogue apps available to download. Google spokesperson Kimberly Samra says “that risk is much smaller than that you lose your device, no longer have your OTPs, and then the service has to use a much weaker mechanism for allowing you to log in.” There is also the option to keep using Google Authenticator without logging in to a Google account.įor instance, if someone gains access to your Google account, they may also be able to access your 2FA codes for your other online accounts. When I downloaded Authenticator on my iPad after setting up sync on my phone, the codes appeared once I had logged in. Authenticator gives you the option to use the app with your Google login, and if you select this option, your Google profile will show in the top right corner of the app, next to a sync icon. Syncing your Google Authenticator codes now happens through your Google account-the feature is available on the latest iOS and Android versions of Google’s app. “This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security.” Next, tap Manage Your Google Account, then tap Security at. ![]() Brand says the sync feature has been one of the most requested since the Authenticator app was released in 2010. Backing up your Google Authenticator code on your iPhone is easy First, open the Gmail app and tap Menu > Settings > your account name. “Since one-time codes in Authenticator were only stored on a single device, a loss of that device meant that users lost their ability to sign in to any service on which they’d set up 2FA using Authenticator,” Christiaan Brand, a group product manager at Google, wrote in a blog post announcing the change. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |