ShiftDelete.net
FOLLOW US

Google Authenticator introduces cloud backup for TOTP codes

Google updates Authenticator app with cloud backup feature, enhancing user convenience and security for TOTP codes.

Google Authenticator introduces cloud backup for TOTP codes

Google announced a significant update to its Authenticator app for Android and iOS on Monday, introducing an account synchronization option that allows users to back up their time-based one-time passwords (TOTPs) to the cloud.

Enhanced protection and convenience

“This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security,” said Google’s Christiaan Brand.

The update not only brings a new icon to the two-factor authenticator (2FA) app but also introduces a feature similar to Apple’s iCloud Keychain for TOTP codes. This addresses a long-standing issue where the Authenticator app was tied to the device it was installed on, causing difficulties when switching between phones and managing TOTP codes.

Previously, users who lost access to their devices entirely “lost their ability to sign in to any service on which they’d set up 2FA using Authenticator.”

Optional cloud sync feature

The cloud sync feature is optional, which means users can choose to use the Authenticator app without linking it to a Google account. However, it’s essential to remember the potential risks associated with cloud backups, as a malicious actor with access to a Google account could exploit it to breach other online services.

This development follows Proton, a Swiss privacy-focused company with over 100 million active accounts, unveiling an end-to-end encrypted password manager solution called Proton Pass.

The open-source and publicly auditable tool uses the bcrypt password hashing function and a hardened version of the Secure Remote Password (SRP) protocol for authentication, with 2FA integration included.

Upcoming End-to-End encryption

Google plans to offer end-to-end encryption (E2EE) support for its cloud sync feature after security researchers at Mysk and Sophos highlighted potential security concerns when syncing 2FA tokens across devices. The company noted that data is encrypted in transit and at rest, including within the Authenticator app. Google added, “E2EE is a powerful feature that provides extra protections, but at the cost of enabling users to get locked out of their own data without recovery.”

Google Authenticator

SDN Comments 0 Comments

Comment

Related News

iPad mini 7 details leaked: No OLED!
iPad mini 7 details leaked: No OLED!
Apple is preparing to introduce Image Playground and Genmoji
Apple is preparing to introduce Image Playground and Genmoji
Electric vehicle sales in Germany fell dramatically in August, falling by nearly %70.
Electric vehicle sales in Germany fell dramatically in August, falling by nearly %70.
Apple faces class action lawsuit over water damaged iPhone
Apple faces class action lawsuit over water damaged iPhone

SDN Network

Sihirli Elma Yeşil Robot Tech Inside Pembe Teknoloji Co-Founder.Work Future Flow Life

SDN.net

1250 BORREGAS AVENUE, #40, SUNNYVALE, CA
94089 ShiftDelete.Net LLC

info@shiftdelete.net

Shiftdelete.Net is a member of the Association of Internet Media and IT Reporters.

Desteklio