And there is an issue with Google Authenticator Back-up!

I wrote about the new functionality of the Google Authenticator app yesterday – but said I was going to hold off advising clients to use this functionality until I had had a look at it. I just want to look at the functionality of this new service as it will be handling extremely sensitive one-time-passwords and other information.

Google Authenticator App gets an update and some advice on MFA – Smart Thinking Solutions

Today researchers at Mysk are voicing concerns that the information being backed up and then shared across devices is transmitted without encryption – so it is not secure. There is even speculation that the secret information may be stored on Google servers unencrypted!

Google will add End-to-End encryption to Google Authenticator (bleepingcomputer.com)

Cyber Security 101 – encryption is essential for data in transit and data at rest.

So hold off on enabling back-up and sharing in the Google Authenticator app for a while, until Google fixes this slip-up.

Clive Catton MSc (Cyber Security) – by-line and other articles