Google plans to add end-to-end encryption to the Authenticator tool

Google Authenticator gets end-to-end encryption — finally. After security researchers criticized the company for not including it with the Authenticator account sync update, Google product manager Christiaan Brand replied on Twitter, saying that the company has “plans to introduce E2EE” in the future.

“For the time being, we believe our existing product strikes the right balance for most users and provides significant benefits over offline use,” Brand wrote. “However, the option to use the app offline will remain an alternative for those who prefer to manage their own backup strategy.”

Earlier this week, Google Authenticator finally started giving users the option to sync two-factor authentication codes to their Google accounts, making it much easier to sign into accounts on new devices.

While this is a welcome change, it also poses some security concerns, as hackers breaking into someone’s Google account could potentially gain access to a host of other accounts as a result. If the feature supported E2EE, hackers and other third parties, including Google, would not be able to see this information.

Security researchers Mysk highlighted some of these risks in a post on Twitter, stating that “in the event of a data breach or if someone gains access to your Google account, all of your two-factor authentication secrets will be compromised.” They added that Google may use information associated with your accounts to serve personalized ads and also advised users not to use the sync feature until E2EE is supported.

Brand dismissed the criticism, saying that while Google encrypts “data in transit, and at rest, across our products, including Google Authenticator,” E2EE comes at “the cost of enabling users to have their own data without recovery.” There’s still no timeline for when Google will actually bring E2EE to Authenticator’s new account sync feature, though, leaving users with the option of using the feature without E2EE or continuing to use Google Authenticator offline.
