For example, Microsoft’s sync doesn’t work between iOS and Android devices, making it harder to switch operating systems and take your 2FA codes with you. Mysk says that there are security and privacy limitations to the major 2FA apps. Tommy Mysk, an app developer and security researcher who runs the software company Mysk, has tested multiple 2FA apps and found rogue apps available to download. Google spokesperson Kimberly Samra says “that risk is much smaller than that you lose your device, no longer have your OTPs, and then the service has to use a much weaker mechanism for allowing you to log in.” There is also the option to keep using Google Authenticator without logging in to a Google account.įor instance, if someone gains access to your Google account, they may also be able to access your 2FA codes for your other online accounts. When I downloaded Authenticator on my iPad after setting up sync on my phone, the codes appeared once I had logged in. Authenticator gives you the option to use the app with your Google login, and if you select this option, your Google profile will show in the top right corner of the app, next to a sync icon. Syncing your Google Authenticator codes now happens through your Google account-the feature is available on the latest iOS and Android versions of Google’s app. “This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security.” Brand says the sync feature has been one of the most requested since the Authenticator app was released in 2010. “Since one-time codes in Authenticator were only stored on a single device, a loss of that device meant that users lost their ability to sign in to any service on which they’d set up 2FA using Authenticator,” Christiaan Brand, a group product manager at Google, wrote in a blog post announcing the change.
0 Comments
Leave a Reply. |