The new feature in Google’s two-factor authentication tool, Authenticator, that lets users sync their one-time codes between multiple devices does not use end-to-end encryption, which can expose users to significant security risks, according to security researchers who have examined it.


However, you can still use Google Authenticator without linking it to your Google account, which avoids this security risk. Unfortunately, that means it may be best to avoid the sync feature, which users of the app have wanted for several years.

Apple’s two-factor authentication tool in iCloud is one of the services that actually use end-to-end encryption for their one-time codes.

