Yesterday I reported that the Google Authenticator app for Android and iOS added a data synchronisation feature. This is a long-awaited feature that helps make it easier to manage one-time access codes (or OTP) across different devices and services. I also reported that security researchers had raised concerns over the lack of end-to-end encryption with the synchronisation feature, meaning that unauthorised users could potentially access that data on Google’s server, such as through a Google breach. Google has since responded, saying that they have heard users’ concerns and will add end-to-end encryption to a future version of Google Authenticator. Google said that they currently encrypt data in transit and at rest, across all products, including Google Authenticator. As there is a possibility of users getting locked out of their own data with end-to-end encryption, they will be rolling this feature out carefully.

This segment was created for the It’s 5:05 podcast