Google recently equipped its Authenticator app with the
ability to sync codes as part of the two-factor authentication process. Soon after,
people began raising concerns over insufficient security, since the update
could make it easy for hackers to gain access to Google accounts. In response,
Google product manager Christiaan Brand revealed that the company plans to
add end-to-end encryption in Authenticator.
(3/4) To make sure we’re offering users a full set of options, we’ve started rolling out optional E2E encryption in some of our products, and we have plans to offer E2EE for Google Authenticator down the line.
— Christiaan Brand (@christiaanbrand) April 26, 2023
Security researchers are also pointing out that without end-to-end
encryption, Google could access its users’ account information for advertising
purposes. For that reason, they are advising users to refrain from
opting in to the syncing feature until it supports end-to-end encryption.
Regardless, Google doesn’t seem to be too keen on bringing end-to-end
encryption to Authenticator very soon, which means that many users will rely
on code syncing without additional security for a while at least.