Google has added a new feature to its popular two-factor authentication app, Google Authenticator. Account syncing allows users to keep their 2FA keys in sync across multiple devices, making it easier to access them when upgrading smartphones or if one is lost or stolen. However, security researchers have discovered that the feature lacks end-to-end encryption (E2EE), which could be a major security issue for users.
While Google Authenticator encrypts data while in transit, it is not end-to-end encrypted, leaving users vulnerable to data breaches that could jeopardize the security of their 2FA codes. The lack of full encryption has prompted concerns about the safety of account syncing.
Google product manager Christiaan Brand addressed these concerns on Twitter, stating that the company is working on adding E2EE to Google Authenticator. Brand emphasized that the goal of the feature is to offer users the convenience of syncing their 2FA keys across devices, while also ensuring their safety and security.
