Your Crypto, Bitcoin is at risk with Google Authenticator
2-factor authentication (2FA) is one of the most important measures Bitcoin and crypto owners can take to protect their exchange accounts and others from hackers. By far the most widely used 2FA method is Google Authenticator; hardly any crypto users are likely to be unfamiliar with the app.
Google Authenticator adds an extra layer of security to exchange accounts by adding a second verification step when users sign in. This means that in addition to entering a password, users must also enter a six-digit code generated by the Google Authenticator app on their phone.
New Google Authenticator update brings big risks to crypto users
In an announcement published yesterday, Google released version 4.0 of the app for iOS and Android. The new version introduces cloud sync.
This means crypto users will be able to sync Authenticator-generated verification codes with all Google accounts and devices, and retrieve verification codes whenever the device is lost. In other words, the one-time codes are stored in the user’s Google account and are no longer device-dependent.
This is supposed to make it easier to log in with Google Authenticator, which was released back in 2012. As Google writes, a key piece of feedback from users over the years was that there was too much complexity in dealing with lost or stolen devices that had Google Authenticator installed.
Losing a device meant that crypto users basically lost the ability to log into any services they had set up 2FA for with Authenticator. Only a backup code created when the app was installed could restore all login codes to a new Google Authenticator app running on a new device.
With the 4.0 update, Google introduces a simpler solution to this problem: “With this update, we’re rolling out a solution to this problem, making one-time codes more durable by storing them securely in users’ Google Accounts. This change means that users are better protected against lockouts and that services can rely on users to maintain access, increasing both convenience and security.”
However, blockchain security firm SlowMist points out in a tweet that this easier handling comes with greater risk. If users lose access to their email clients, for example due to a hack, all access protected by Google Authenticator is at risk, SlowMist says:
If you use this backup method, your mailbox will be at risk. Once the mailbox permission is lost, the 2FA verification code can be stolen, which will bring huge risks. Be aware of the relevant risks.
Crypto owners should therefore think carefully about whether to enable the new feature or stick with the old backup solution.
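The risk described above follows from how these codes are computed: Google Authenticator codes are standard TOTP (RFC 6238), derived only from a stored secret (the seed) and the current time, so whatever holds a copy of the seed produces the same codes. The sketch below is an added example, not code from Google or from this article; the seed is the public RFC 6238 test key and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample seed: base32 of the RFC 6238 test key "12345678901234567890".
# A real seed is what the exchange shows once as a QR code at enrollment.
SEED = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(seed_b32, unix_time, digits=6, step=30):
    """RFC 6238 TOTP (HMAC-SHA1): the code depends only on seed and time."""
    key = base64.b32decode(seed_b32.upper() + "=" * (-len(seed_b32) % 8))
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(seed_b32, code, unix_time, window=1, step=30):
    """Server-side check: accept codes from the current step +/- `window` steps."""
    return any(
        hmac.compare_digest(totp(seed_b32, unix_time + i * step, step=step), code)
        for i in range(-window, window + 1)
    )

def same_code_everywhere(seed_b32, unix_time):
    """Two independent holders of the seed (the phone and a synced copy)
    compute identical codes; nothing ties a code to a particular device."""
    phone = totp(seed_b32, unix_time)
    synced_copy = totp(seed_b32, unix_time)
    return phone == synced_copy and verify(seed_b32, synced_copy, unix_time)

if __name__ == "__main__":
    import time
    now = int(time.time())
    print("code now:", totp(SEED, now))
    print("synced copy accepted by server:", same_code_everywhere(SEED, now))
```

Because the server cannot tell which copy of the seed produced a code, the account that stores the synced seeds needs protection at least as strong as the accounts those seeds guard.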
At press time, the crypto market remained in its deep correction. Bitcoin traded at $27,431.