Security Experts:

Google Authenticator Users Can Now Transfer 2SV Secrets Between Devices

Google this week announced that Google Authenticator users can now transfer 2-Step Verification (2SV) secrets between devices.

The new feature is meant to make it easier for users to manage their Google Authenticator 2SV codes across multiple devices.

The 2SV secrets represent the data that is used to generate 2SV codes across devices that have Google Authenticator installed. With the new feature, users can transfer the data to a new device when upgrading, Google says.

The much anticipated feature is now available in the latest version of Google Authenticator on Android (version 5.10), the Internet company announced.

“Using 2SV, 2-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) is critical to protecting your accounts from unauthorized access. With these mechanisms, users verify their identity through their password and an additional proof of identity, such as a security key or a passcode,” Google said.

Google Authenticator aims not only to provide an easy way to use 2SV on accounts, but also to improve the security of the login process, compared to options such as receiving passcodes via text messages.

To ensure that users can keep their accounts safe, Google also took a series of measures to minimize the attack surface in spite of the newly announced feature.

Thus, no data is sent to Google’s servers when the user transfers 2SV secrets, as the communication takes place between the two devices only.

“Your 2SV secrets can’t be accessed without having physical access to your phone and the ability to unlock it,” the Internet giant notes.

Furthermore, alerting mechanisms and in-app logs were implemented, so as to make users fully aware of the fact that the transfer function has been used.

Additional information on the new feature is available on this help page.

Related: How to Choose an Authenticator. Or Two. Or Three.

Related: Google Open Sources Code for Security Key Devices

Related: Ready or Not, Here Comes FIDO: How to Prepare for Success

Related: 6 Ways Attackers Are Still Bypassing SMS 2-Factor Authentication

view counter