{"id":642140,"date":"2023-04-27T10:05:28","date_gmt":"2023-04-27T15:05:28","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/04\/27\/googles-new-cloud-based-authentication-isnt-end-to-end-encrypted-yet-cnet\/"},"modified":"2023-04-27T10:05:28","modified_gmt":"2023-04-27T15:05:28","slug":"googles-new-cloud-based-authentication-isnt-end-to-end-encrypted-yet-cnet","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/04\/27\/googles-new-cloud-based-authentication-isnt-end-to-end-encrypted-yet-cnet\/","title":{"rendered":"Google’s New Cloud-Based Authentication Isn’t End-to-End Encrypted Yet – CNET"},"content":{"rendered":"
\n

\n Google says an option to make it end-to-end encrypted is coming.\n <\/p>\n

\n
\"imad-khan\" <\/picture><\/div>\n
\n
\n
\"imad-khan\" <\/picture><\/div>\n
\n

Imad Khan<\/span> Senior Reporter<\/span><\/p>\n<\/div>\n<\/div>\n

Imad is a senior reporter covering Google and internet culture. Hailing from Texas, Imad started his journalism career in 2013 and has amassed bylines with The New York Times, The Washington Post, ESPN, Tom’s Guide and Wired, among others. He also hosts FTW with Imad Khan, an esports news podcast in association with Dot Esports.<\/p>\n

\n

Expertise<\/span> Google, Internet Culture<\/span><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/div>\n<\/div>\n

\n

The Google Authenticator app, which was updated earlier this week<\/a> to allow for cloud-based two-factor authentication (2FA) via your Google account, isn’t end-to-end encrypted<\/a>, according to software company Mysk.<\/p>\n

“We analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted,” said Mysk via Twitter, as reported by Gizmodo earlier Wednesday. “As shown in the screenshots, this means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets.”<\/p>\n

Secrets is\u00a0cybersecurity jargon<\/a> for a private piece of information used to unlock protected or sensitive information.\u00a0<\/p>\n

\n
\n
\n

Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices.
TL;DR: Don’t turn it on.
The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.\u2026 pic.twitter.com\/a8hhelupZR<\/a><\/p>\n

\u2014 Mysk ???????????????? (@mysk_co) April 26, 2023<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n

Security researchers at Mysk are recommending people not turn on the ability to sync 2FA codes across devices and the cloud.\u00a0<\/p>\n

The long-awaited 2FA feature allows you to still access your codes even if your phone is lost or stolen. This means Gmail, banking apps or the plethora other services that allow for 2FA can still have codes accessed via your Google account even when your original device isn’t immediately available. Unfortunately, enabling the feature lacks the same level of encryption — at least for the moment.<\/p>\n

“End-to-End Encryption (E2EE) is a powerful feature that provides extra protections but at the cost of enabling users to get locked out of their own data without recovery,” a Google spokesperson told CNET via email. “To ensure that we’re offering a full set of options for users, we have also begun rolling out optional E2EE in some of our products, and we plan to offer E2EE for Google Authenticator in the future.”<\/p>\n

Google says it offered the feature in this initial way for convenience.<\/p>\n

2FA gives you an extra layer of security on top of your passwords. The additional code generated via the Authenticator app can prevent bad actors from logging into your account with your password alone. For Big Tech, however, passwords are ultimately a vulnerable and ineffective way of keeping accounts secure.<\/p>\n

Google, Apple and Microsoft have\u00a0banded together in the FIDO Alliance<\/a>, short for “fast identity online.” The goal is to have websites forego passwords for biometric login instead. This can include fingerprint scans or face scans. It can also include phone verification. Switching websites over to a “passwordless future” will take time, and, until then, 2FA will remain an important way to keep accounts safe .<\/p>\n<\/div>\n

Read More<\/a>
\n Imad Khan<\/p>\n","protected":false},"excerpt":{"rendered":"

Google says an option to make it end-to-end encrypted is coming. Imad Khan Senior Reporter Imad is a senior reporter covering Google and internet culture. Hailing from Texas, Imad started his journalism career in 2013 and has amassed bylines with The New York Times, The Washington Post, ESPN, Tom’s Guide and Wired, among others. He<\/p>\n","protected":false},"author":1,"featured_media":642141,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[40154,161,46],"tags":[],"class_list":{"0":"post-642140","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cloud-based","8":"category-googles","9":"category-technology"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/642140","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=642140"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/642140\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/642141"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=642140"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=642140"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=642140"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}