How Secure is the New Multi-Device Update to Google Authenticator?

Google Authenticator, a two-factor authenticator app that adds a second layer of security to your accounts, has now received an update. The update will allow users to support multiple devices and back up their one-time passwords (OTPs) for two-factor authentication to their Google Accounts.

In Google's announcement, the company stated that the app was initially created to "bolster user security" and to continue optimizations to the app.

Google claims that the primary issue was the applications' inability to save one-time 2FA codes and their lack of multi-device functionality. Since one-time codes within the app are only stored on a single device, and the device is lost, users will not be able to sign into any service that is set up with the app's 2FA. Also, they must reconfigure and set up 2FA again for all accounts.

This update will store one-time codes in the users' Google accounts. Google states that with a cloud backup, users can add their 2FA codes to multiple devices, retaining access and security if a device is lost.

However, is this new update as secure as Google states?

While this appears to be a beneficial improvement for customers, it raises questions about how secure it would be for users to utilize their Google accounts as a security backup.

Here are a few quick facts:

• 788,000 Google login credentials were taken using keyloggers
• Over three million pieces of information in relation to Gmail accounts were stolen by third-party breaches.
• About half a million U.S. accounts are hacked every day.

(BleepingComputer).

These statistics illuminate that if one's Google account is hacked, malicious actors could gain access to all of the store's one-time codes, which can compromise all of the user's accounts that 2FA protects. Many users do not have strong or unique passwords, making it easy for hackers to compromise accounts. Additionally, Google has faced some security incidents and data breaches in the past. For example, in 2018, a software bug within the Google+ platform exposed 500,000 users' personal information.

What Infiniwiz recommends

When you update your Google Authenticator app and open it for the first time, it will introduce you to the new feature. This is when the app will ask you to select an account to back up your codes on. In the same prompt, there is an option to use the app as a standalone. Select that option, and once finished, you will not have to worry about codes being backed up on your account.

Our job is to help companies create more unified business functions, improve customer service, and utilize technology to move forward. Chicago-experienced IT consulting experts will make your technology work for you and keep you from spending endless, frustrating hours managing your business IT. Managed IT is when the Infiniwiz team proactively handles your IT headaches and hassles for you…So you can get done on your "to-do" list – like growing the business! If you have any questions, feel free to contact us!