Google’s New 2FA Authenticator Update Raises Security Concerns
Google recently released an update for its popular authenticator app that has raised some security concerns. The update stores a “one-time code” in cloud storage, allowing users who have lost the device with their authenticator on it to retain access to their two-factor authentication (2FA). While this update may seem like a convenient solution for users, it also leaves them exposed if their Google account is compromised.
The Risks of Storing 2FA in Cloud Storage
Because the one-time code is kept in cloud storage associated with the user’s Google account, anyone who gains access to the user’s Google password could then obtain full access to their authenticator-linked apps. Cybersecurity developers and Redditors have warned of additional complications that come with Google’s cloud storage-based solution to 2FA.
Alternative Solutions to 2FA Security Issues
One potential way around the SMS 2FA issue is to use an old phone that is exclusively used to house your authenticator app. This way, the user’s Google account and phone are separate, and the phone can be kept offline when not in use. Similarly, cryptocurrency exchanges like Coinbase encourage the use of authenticator apps for 2FA as opposed to SMS.
Other 2FA Security Issues
SIM swapping, in which scammers gain control of a phone number by tricking the telecommunications provider into linking the number to their own SIM card, is the most common 2FA hack. Coinbase recently faced a lawsuit from a customer who claimed to have lost “90% of his life savings” after falling victim to a SIM swapping attack. Blockchain security firm CertiK has warned of the dangers of using SMS 2FA, describing it as “better than nothing, but the most vulnerable form of 2FA currently in use.”
Conclusion
While cloud storage may seem like a convenient solution, it is essential to keep in mind the potential risks associated with storing 2FA in the cloud. Users must remain vigilant about protecting their passwords and devices from potential hackers. Consider using alternative solutions, like an old phone, to keep your 2FA separate from your other online accounts, and take all necessary precautions to ensure that your online security remains uncompromised.