One of the most important measures crypto and bitcoin owners take to safeguard their exchange accounts and other accounts from hackers is two-factor authentication (2FA). Until now, the most popular and long-established method for two-factor authentication has been Google Authenticator, which is widely known among crypto users.
Google Authenticator bolsters sign-in security by adding a second verification step when logging in to exchange accounts. This means that users must enter a six-digit code generated by the Google Authenticator app on their phone, in addition to the classic step of entering a password.
In a statement released yesterday, Google announced a new version 4.0 for iOS and Android, which introduces cloud syncing. This will allow crypto users to sync Authenticator-generated verification codes with all Google accounts and devices and to recover verification codes any time the device is lost. This makes the one-time codes stored in the user's Google Account independent of the device that is being used.
As stated by Google, users over the years have had difficulty dealing with lost or stolen devices that had Google Authenticator installed. Since one time codes in Authenticator were only stored on a single device, a loss of that device meant that users lost their ability to sign in to any service on which they’d set up 2FA using Authenticator.
This update rolled out a solution to this problem, making one time codes more durable by storing them safely in users’ Google Account. This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security.
For crypto users, losing a device previously meant initially losing the ability to log in to any services for which they had set up 2FA with Authenticator. Only a backup code created when the app was installed could restore all login codes to a new Google Authenticator app running on a new device.
With the 4.0 update, Google introduces a simpler solution to this problem. It declared:
“With this update we’re rolling out a solution to this problem, making one time codes more durable by storing them safely in users’ Google Account. This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security.”
Nonetheless, SlowMist, a blockchain security firm, indicated in a tweet that this easier handling comes with greater risk. If users lose access to their email clients, for example due to a hack, all access protected by Google Authenticator is at risk, SlowMist says:
“If you use this backup method, the mailbox will be at risk. Once the mailbox permission is lost, the 2FA verification code may be stolen, which will bring huge risks. Please pay attention to the relevant risks.”
As business needs around cloud applications and updated privacy features on devices surge, the risk of threats rises with them. There is therefore a need to reduce cost, and a requirement for entirely new considerations for access control. Crypto owners are thus advised to think twice before activating the new feature, or to stick with the old backup solution.