In this digital era, security and privacy are a matter of concern everywhere, as unencrypted data and cloud-based storage can expose user information to software companies and third parties. Hence, users today continuously look for security and privacy features, especially end-to-end encryption (E2EE).
With Google’s latest announcement, the wait seems to have ended. But researchers might have a different perspective on this. BW explains – A Thumbs up or Thumbs down, the tale of Google Authenticator Application.
Google’s Announcement
On Monday, 24 April 2023, Google announced an update to its Google Authenticator app on both iOS and Android. The update adds the ability to safely back up one-time codes (one-time passwords or OTPs) to a user’s Google Account or the cloud.
What Is Google Authenticator Application?
Released in 2010, Google Authenticator is a two-factor authentication (2FA) application that supports user sign-in. For years, however, the application could not back up 2FA codes to the cloud and offered no multi-device support. As a result, losing or resetting a device meant losing access to all 2FA configurations, and regaining that access was difficult for the user. To resolve this problem, the newly announced update allows users to back up their one-time passwords to their Google Account or the cloud.
Google On Authenticator’s User Security
According to Google, the authentication application lacks E2EE support but is secured with team-balanced protection designed for easier usability and convenience.
Christiaan Brand, the group product manager for the Authenticator application, supported his company’s claim in a series of short tweets and promised to introduce E2EE for Google Authenticator soon.
Snap Of Brand’s Tweet
What is End-to-End Encryption (E2EE)?
End-to-end encryption (E2EE) is a method of securing a user’s online activity that prevents third parties from accessing their data. In E2EE, data encrypted on the user’s system or device can be decrypted only by the user.
Why Is Google Authenticator Update A User Concern?
According to Google Authenticator’s new update, users can now save their one-time passwords or OTPs to their Google Account or the cloud, so that the application is secure. But since the application lacks E2EE, Google’s servers are likely to hold the backed-up passwords or OTPs, and hence the authenticator falls short of being a secure app. Researchers at Mysk support this view. Their study underlines that the authenticator offers no option to protect the user’s codes. Further, the researchers found that this could even expose users to hackers, who could then easily decode the codes through network traffic interception.
Snap Of Mysk’s Tweet
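Why a backup that someone other than the user can read is a concern, shown as an added example (not from the original article, Mysk's research or Google's code): under RFC 6238, the standard behind these one-time codes, the enrolled seed is the only secret, so any readable copy yields the same codes as the phone until 2FA is re-enrolled with a new seed. The seed below is the constructed RFC 6238 test key, and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import secrets
import struct

STEP = 30  # seconds per code window (RFC 6238 default)


def totp(seed_b32: str, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: the inputs are the seed and the clock only."""
    pad = "=" * (-len(seed_b32) % 8)
    key = base64.b32decode(seed_b32.upper() + pad)
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def new_seed() -> str:
    """Fresh 160-bit seed, as issued when 2FA is re-enrolled on an account."""
    return base64.b32encode(secrets.token_bytes(20)).decode()


def copy_is_live(current_seed: str, copied_seed: str, unix_time: int) -> bool:
    """True if a stored copy still yields the account's codes for 3 windows."""
    return all(
        hmac.compare_digest(totp(current_seed, t), totp(copied_seed, t))
        for t in (unix_time, unix_time + STEP, unix_time + 2 * STEP)
    )


# Constructed sample: the RFC 6238 test key, Base32-encoded as in an enrolment QR code.
ENROLLED = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    now = 1111111109  # fixed timestamp from the RFC test vectors
    print("code on the phone:        ", totp(ENROLLED, now))
    print("backup copy still live:   ", copy_is_live(ENROLLED, ENROLLED, now))
    print("copy live after re-enrol: ", copy_is_live(new_seed(), ENROLLED, now))
```

Re-enrolling 2FA on each affected account is what retires a seed that has been stored somewhere readable; changing the account password alone does not change the codes.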