Techlore Talks Google Authenticator is a Literal Meme
11 snips
Apr 29, 2023 Discover the cringe-worthy updates to Google Authenticator and the risks of its new unencrypted cloud sync feature. Dive into the world of security keys like YubiKeys, exploring their privacy properties and whether it’s safe to leave them plugged into devices. Get first impressions on Proton Pass and its limitations, along with a discussion on the differences in autofill capabilities between iOS and Android. Lastly, hear about Brave Search’s shift to full independence and their strategy to stand out in the crowded search engine landscape.
AI Snips
Chapters
Transcript
Episode notes
Cloud Sync Undermines Authenticator Purpose
- Google Authenticator's new cloud sync sends 2FA secrets to Google without end-to-end encryption by default.
- That change undermines the offline security model that made authenticator apps valuable.
Don't Rely On Unencrypted Authenticator Sync
- Avoid relying on Google Authenticator until it offers end-to-end encryption or exportable seeds.
- Prefer open-source authenticators or ones that let you export seeds for migration and backups.
E2EE Later, Recovery Key Trade-Off
- Google plans to add end-to-end encryption later but may require recovery keys to avoid lockouts.
- Making E2EE optional repeats past industry trade-offs between security and account recovery.