Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

Google Authenticator Users Can Now Transfer 2SV Secrets Between Devices

Google this week announced that Google Authenticator users can now transfer 2-Step Verification (2SV) secrets between devices.

The new feature is meant to make it easier for users to manage their Google Authenticator 2SV codes across multiple devices.

Google this week announced that Google Authenticator users can now transfer 2-Step Verification (2SV) secrets between devices.

The new feature is meant to make it easier for users to manage their Google Authenticator 2SV codes across multiple devices.

The 2SV secrets represent the data that is used to generate 2SV codes across devices that have Google Authenticator installed. With the new feature, users can transfer the data to a new device when upgrading, Google says.

The much anticipated feature is now available in the latest version of Google Authenticator on Android (version 5.10), the Internet company announced.

“Using 2SV, 2-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) is critical to protecting your accounts from unauthorized access. With these mechanisms, users verify their identity through their password and an additional proof of identity, such as a security key or a passcode,” Google said.

Google Authenticator aims not only to provide an easy way to use 2SV on accounts, but also to improve the security of the login process, compared to options such as receiving passcodes via text messages.

To ensure that users can keep their accounts safe, Google also took a series of measures to minimize the attack surface in spite of the newly announced feature.

Thus, no data is sent to Google’s servers when the user transfers 2SV secrets, as the communication takes place between the two devices only.

Advertisement. Scroll to continue reading.

“Your 2SV secrets can’t be accessed without having physical access to your phone and the ability to unlock it,” the Internet giant notes.

Furthermore, alerting mechanisms and in-app logs were implemented, so as to make users fully aware of the fact that the transfer function has been used.

Additional information on the new feature is available on this help page.

Related: How to Choose an Authenticator. Or Two. Or Three.

Related: Google Open Sources Code for Security Key Devices

Related: Ready or Not, Here Comes FIDO: How to Prepare for Success

Related: 6 Ways Attackers Are Still Bypassing SMS 2-Factor Authentication

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Mike Byron has been named Chief Financial Officer (CFO) at Exabeam.

Ex-GitHub chief technology officer Mike Hanley has joined GM as CISO.

Network security and compliance assurance firm Titania has appointed Victoria Dimmick as CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.