Google this week announced that Google Authenticator users can now transfer 2-Step Verification (2SV) secrets between devices.
The new feature is meant to make it easier for users to manage their Google Authenticator 2SV codes across multiple devices.
The 2SV secrets represent the data that is used to generate 2SV codes across devices that have Google Authenticator installed. With the new feature, users can transfer the data to a new device when upgrading, Google says.
The much anticipated feature is now available in the latest version of Google Authenticator on Android (version 5.10), the Internet company announced.
“Using 2SV, 2-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) is critical to protecting your accounts from unauthorized access. With these mechanisms, users verify their identity through their password and an additional proof of identity, such as a security key or a passcode,” Google said.
Google Authenticator aims not only to provide an easy way to use 2SV on accounts, but also to improve the security of the login process, compared to options such as receiving passcodes via text messages.
To ensure that users can keep their accounts safe, Google also took a series of measures to minimize the attack surface in spite of the newly announced feature.
Thus, no data is sent to Google’s servers when the user transfers 2SV secrets, as the communication takes place between the two devices only.
“Your 2SV secrets can’t be accessed without having physical access to your phone and the ability to unlock it,” the Internet giant notes.
Furthermore, alerting mechanisms and in-app logs were implemented, so as to make users fully aware of the fact that the transfer function has been used.
Additional information on the new feature is available on this help page.
Related: How to Choose an Authenticator. Or Two. Or Three.
Related: Google Open Sources Code for Security Key Devices
Related: Ready or Not, Here Comes FIDO: How to Prepare for Success
Related: 6 Ways Attackers Are Still Bypassing SMS 2-Factor Authentication
More from Ionut Arghire
- Nigerian BEC Scammer Sentenced to Prison in US
- China’s Nuclear Energy Sector Targeted in Cyberespionage Campaign
- 14 Million Records Stolen in Data Breach at Latitude Financial Services
- iOS Security Update Patches Exploited Vulnerability in Older iPhones
- Hackers Earn Over $1 Million at Pwn2Own Exploit Contest
- GoAnywhere Zero-Day Attack Hits Major Orgs
- Australia Dismantles BEC Group That Laundered $1.7 Million
- GitHub Rotates Publicly Exposed RSA SSH Private Key
Latest News
- Mandiant Catches Another North Korean Gov Hacker Group
- Microsoft Puts ChatGPT to Work on Automating Cybersecurity
- Video: How to Build Resilience Against Emerging Cyber Threats
- Nigerian BEC Scammer Sentenced to Prison in US
- China’s Nuclear Energy Sector Targeted in Cyberespionage Campaign
- SecurityScorecard Guarantees Accuracy of Its Security Ratings
- ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation
- 14 Million Records Stolen in Data Breach at Latitude Financial Services
