Mysk 🇨🇦🇩🇪 on Twitter: “Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices. TL;DR: Don’t turn it on. The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.… https://t.co/a8hhelupZR” / Twitter
Posted by jpluimers on 2023/05/10
Do not use the Google 2FA Authenticator to sync secrets across devices.
The reason is explained in the (long) tweet by [Wayback/Archive] Mysk on Twitter: “Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices. TL;DR: Don’t turn it on. The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.…”
For similar reasons, you might not want to use Authy by Twilio to sync between devices either.
Related (most in Dutch):
- [Wayback/Archive] Onderzoekers: back-up codes Google Authenticator niet end-to-end versleuteld – Security.NL
- [Wayback/Archive] Google Authenticator gaat back-ups van tweestapsverificatiecodes ondersteunen – Computer – Nieuws – Tweakers (comment highly preferring Aegis over Authy)
- [Wayback/Archive] Microsoft wil tweestapsverificatietool Authenticator integreren in Outlook-app – Computer – Nieuws – Tweakers (which has a comment on Authy)
- [Wayback/Archive] blues-lab/totp-app-analysis-public: Security and Privacy Failures in Popular 2FA Apps
- [Wayback/Archive] Enable or Disable Authy Multi-Device – Authy
- [Wayback/Archive] Met project No More Leaks voorkomt de politie veel schade bij bedrijven – IT Pro – .Plans – Tweakers (which has a great comment on password strength)
- [Wayback/Archive] beemdevelopment/Aegis: A free, secure and open source app for Android to manage your 2-step verification tokens.
Query to see if Aegis can sync: [Wayback/Archive] Aegis authenticator sync devices – Google Search
Results:
- [Wayback/Archive] Aegis on Two Devices Simultaneously? : privacytoolsIO
- [Wayback/Archive] alexzorin/authy: Go library and program to access your Authy TOTP secrets.
- [Wayback/Archive] Option to backup to Google Drive/OneDrive/Other Cloud Storage · Issue #42 · beemdevelopment/Aegis
- [Wayback/Archive] Allow storing the database on external storage · Issue #18 · beemdevelopment/Aegis
- [Wayback/Archive] Add auto backup · Issue #103 · beemdevelopment/Aegis
- [Wayback/Archive] Syncing using cloud services · Issue #258 · beemdevelopment/Aegis
–jeroen