Google Authenticator Sync in Progress: End-to-End Encryption to be Added Soon

Google has added a new feature to its popular two-factor authentication app, Google Authenticator. Account syncing allows users to keep their 2FA keys in sync across multiple devices, making it easier to access them when upgrading smartphones or if one is lost or stolen. However, security researchers have discovered that the feature lacks end-to-end encryption (E2EE), which could be a major security issue for users.

Although Google Authenticator encrypts synced data in transit, the data is not end-to-end encrypted, so the 2FA secrets are not protected once they reach the server side. A data breach there could jeopardize the security of users' 2FA codes, and this gap has prompted concerns about the safety of account syncing.

Google product manager Christiaan Brand addressed these concerns on Twitter, stating that the company is working on adding E2EE to Google Authenticator. Brand emphasized that the goal of the feature is to offer users the convenience of syncing their 2FA keys across devices, while also ensuring their safety and security.

“We’re always focused on the safety and security of @Google users, and the newest updates to Google Authenticator was no exception. Our goal is to offer features that protect users, BUT are useful and convenient,” said Brand.

He went on to explain that while E2EE provides extra protection, it can also lead to users getting locked out of their own data without recovery. As a result, Google is aiming to strike the right balance for most users and provide significant benefits over offline use.

While there is no timeline for when Google Authenticator will introduce end-to-end encryption, Brand has confirmed that the company has already started rolling out optional E2EE in some of its products. In the meantime, users who are concerned about the lack of encryption can choose to use the app offline until the feature is added.

Overall, Google Authenticator remains a secure way to protect your online accounts with 2FA. With the addition of account syncing, users will be able to easily access their 2FA keys across devices. However, the lack of end-to-end encryption highlights the importance of strong recovery keys and storing them in a safe place.