Google recently equipped its Authenticator app with the ability to sync codes as part of the two-factor authentication process. Soon after, people began raising concerns over insufficient security, since the update could make it easy for hackers to gain access to Google accounts. In response, Google product manager Christiaan Brand revealed that the company plans to add end-to-end encryption in Authenticator.
(3/4) To make sure we’re offering users a full set of options, we’ve started rolling out optional E2E encryption in some of our products, and we have plans to offer E2EE for Google Authenticator down the line. — Christiaan Brand (@christiaanbrand) April 26, 2023
Security researchers are also pointing out that without end-to-end encryption, Google could access its users’ account information for advertising purposes. For that reason, they are advising users to refrain from opting into the syncing feature until it supports end-to-end encryption.
Regardless, Google doesn’t seem to be too keen on bringing end-to-end encryption to Authenticator very soon, which means that many users will rely on code syncing without additional security, for a while at least.