The Risks of Google Authenticator's Account Syncing

TL;DR Summary
Google's updated Authenticator app adds Google account synchronization, but the sync process isn't end-to-end encrypted, potentially leaving the seed used to generate 2FA codes visible to Google when stored on its servers. Salesforce Community users are leaking private data due to misconfigured user permissions. A new Meltdown side-channel attack has been discovered that affects multiple generations of Intel CPUs and targets the EFLAGS register using a transient execution flaw to change context execution time.
- Google adds account sync for Authenticator, without E2EE (The Register)
- Google’s 2FA app update lacks end-to-end encryption, researchers find (TechRepublic)
- How to use Google Authenticator offline or without sync (9to5Google)
- Be Aware: Google Authenticator Is Not Safe! (Gizchina.com)
- Are You Safe with Google’s 2FA Syncing? The Disturbing Facts (Gizchina.com)