Google’s Authenticator Update Raises Security Concerns

Google has published an update to its Authenticator app that keeps a “one-time code” in cloud storage. This update is part of the company’s endeavor to assist customers in maintaining access to their two-factor authentication (2FA) systems. Users who have misplaced their device that contained their authenticator may still access their two-factor authentication using this code. The storage of one-time codes in a user’s Google Account, as recommended by Google, is said to improve both convenience and security and shield users from being locked out of their accounts. However, this approach is causing other people to worry about their safety.

In a post made to the r/Cryptocurrency forum, the user u/pojut pointed out that keeping one-time codes in cloud storage connected with the user’s Google account might render users more susceptible to attacks from cybercriminals. If a hacker were to get the user’s Google password, they would be able to gain complete access to all of the user’s authenticator-linked applications. An outdated phone that is utilized just for the purpose of housing the authenticator app was recommended by user u/pojut as a solution to this problem.

Developers of cybersecurity software called Mysk have also taken to Twitter to provide a warning about the extra issues that come with using Google’s cloud storage-based approach to two-factor authentication (2FA). Users that use Google Authenticator as a second factor of authentication for logging into their cryptocurrency exchange accounts and other services linked to finance may find this to be a substantial cause for worry. The two-factor authentication (2FA) system is vulnerable to a variety of attacks, the most prevalent of which is known as “SIM swapping.” This kind of identity theft allows con artists to take control of a phone number by deceiving a telecoms operator into associating the number with their own SIM card.

A recent example of this may be seen in a lawsuit that was recently filed against the cryptocurrency exchange Coinbase, which is situated in the United States. In the case, a client claimed that he had lost “90% of his life savings” as a result of being a victim of such an assault. Notably, Coinbase itself recommends using authenticator applications for two-factor authentication rather than sending a verification code by text message. The company calls SMS two-factor authentication the “least secure” type of authentication.

An upgrade to Google Authenticator may benefit users who have misplaced their authenticator app, but it has caused some users to be concerned about the service’s level of security. The use of cloud storage to store one-time codes leaves users open to attack by cybercriminals, who may then be able to discover the user’s Google password and, as a result, acquire complete access to all of the authenticator-linked applications used by the user. Users who use Google Authenticator for two-factor authentication should take precautions to safeguard themselves, such as installing their authentication app on a different device and avoiding two-factor authentication through SMS.

Source

Tagged : / / / / /

Google Cloud ramps up blockchain efforts by launching digital assets team

Blockchain, cryptocurrency and decentralized technology are all fascinating topics that have been heating up for almost a decade. Nowadays, everyone wants to be part of cutting-edge innovations.

A Thursday announcement by Yolande Piazza, Google Cloud’s VP Financial Services, said the firm has established a Google Cloud digital assets team that will assist clients in creating, trading, storing value and launching new products on blockchain-based platforms. The blog reads;

“This new team will enable our customers to accelerate their efforts in this emerging space and help underpin the blockchain ecosystems of tomorrow.”

The blog points to blockchain and distributed-ledger-based solutions like Hedera, Theta Labs, and Dapper Labs as examples of firms that have already implemented Google Cloud, adding that the Digital Assets Team will conduct a variety of activities in both the near and long term.

Dedicated node hosting/remote procedure call (RPC) nodes for developers; node validation and on-chain governance with some partners; assisting users and developers in hosting their nodes on the “cleanest cloud in the industry;” are some of the activities the team will carry out.

The announcement also reveals that, as the new team expands, it will be examining ways to allow Google Cloud customers to make and receive payments using cryptocurrencies.

Related: Gemini users can now buy Bitcoin with Apple Pay and Google Pay

This is not Google’s first foray into the crypto space. Google Cloud’s parent firm, Google, recently has hired a PayPal veteran to assist with the development of Google Pay as it continues to look towards the future and pursue crypto.

Google teamed up with Coinbase in June, allowing customers of the exchange to pay for items and services using Google Pay. In October, Google and Bakkt joined forces to allow customers of the exchange to spend their cryptocurrency through Google Pay.