Google Authenticator makes exchange accounts more secure by requiring a second verification step during login. Users must now input a password and a six-digit number produced by the Google Authenticator app on their phone in addition to the password.
Two-factor authentication (2FA) is one of the most important security precautions Bitcoin and cryptocurrency owners may adopt to secure their exchange accounts and other assets from hackers. Google Authenticator is the most popular 2FA option; few crypto users are likely unaware of the program.
New Google Authenticator Update Poses A Significant Risk For Crypto Users
Google announced the release of version 4.0 for iOS and Android yesterday. Cloud syncing is now available in the latest version.
As a result, cryptocurrency users can synchronize authentication codes issued by Authenticator with all of their Google accounts and devices and retrieve verification codes whenever a device is lost. In other words, the one-time codes are no longer device-specific and are now saved in the user’s Google account.
This is meant to simplify using Google Authenticator, which was introduced in 2012. According to Google, one of the main complaints from consumers over the years was that managing lost or stolen devices that had Google Authenticator installed was too complicated.
Crypto users who have set up 2FA for any services with Authenticator were first unable to log in after losing a device. The only way to restore all login codes to a new Google Authenticator app running on a new device is with a backup code generated when the app was installed.
Google gives a more straightforward remedy to this issue with the 4.0 update: “With this update, we’re releasing a fix for the issue, making one-time codes more resilient by securely keeping them in users’ Google Accounts. Users are now better protected against lockout, and services can now depend on users maintaining access, improving ease and security.
Although this easier handling carries higher risk, blockchain security company SlowMist notes in a tweet that it is also more dangerous. According to SlowMist, all access secured by Google Authenticator is in danger if users lose access to their email clients, for instance, due to a breach.
Using this backup technique puts the mailbox at risk. The 2FA verification is required when the mailbox authorization is lost.
Conversely, the blockchain security firm SlowMist highlights in a tweet that this easy management comes with increased danger. All-access secured by Google Authenticator is in jeopardy if users lose access to their email clients, for instance, due to a hack, according to SlowMist
If you use this backup method, the mailbox will be at risk. Once the mailbox permission is lost, the 2FA verification code may be stolen, which will bring huge risks. Please pay attention to the relevant risks.
Crypto owners should therefore reconsider whether to activate the new option or remain with the previous backup solution.
Related Reading: | Solana (SOL) Market Cap Surges 118.1% QoQ Despite 15% Weekly Dip |