It was possible to connect Authenticator to Google account; Security threat for digital currency traders?
If you are a trader or user in the cryptocurrency space, you probably use the Google Authenticator mobile app to create and manage two-factor authentication (2FA) codes on various platforms such as centralized exchanges.
Google has recently released version 4.0 of this popular application for Android and iOS, and in it, it is possible for users to sync their two-factor verification codes with their Google account (Gmail). Previously, if a device was lost or destroyed and the user did not save their authenticator backup codes, all of their two-factor authentication codes would be virtually unrecoverable.
Now, with this feature, there is no need for authenticator backup codes that are provided before creating any two-factor verification code, and if the user has synced his application with his user account, he can simply enter the verification codes by entering Gmail and password. Recover your duality easily. In other words, two-factor codes can be tied to your Google account instead of the device.
Google in Notifications He himself said about the addition of this possibility:
One of the main feedbacks we’ve received from users over the years is the complexity of dealing with lost or stolen devices that had Google Authenticator installed. Now, this change means that users will face less problems like losing their access to their codes, and different services can count on maintaining their users’ access, which means more convenience and security.
Although Google believes that this change is for the benefit of users in terms of security, the security company SlowMist, which works in the field of blockchain, says that this greater convenience ultimately entails more security risks.
The experts of this collection in a tweet They wrote:
If you use this method to recover your two-factor verification codes, your mailbox will be compromised. If your Gmail is hacked, access to your two-factor codes may also be stolen, which is a big risk. Pay attention to these risks.
In general, it is better to pay attention to its security risks before deciding whether to use this new possibility or continue with the old method (note the backup codes).
Nothing found.