Google Authenticator could get end-to-end encryption “down the line”
Google says it has no immediate plans to add end-to-end encryption (E2EE) to its Authenticator app, but the company’s product manager Christiaan Brand says it will offer the feature in the future.
His words came in response to criticism from security researchers over Google’s failure to include the feature in its account-syncing update for Authenticator.
He said the company “plans to offer E2EE for Google Authenticator down the line”.
“Right now, we believe that our current product strikes the right balance for most users and provides significant benefits over offline use,” said Brand.
“However, the option to use the app offline will remain an alternative for those who prefer to manage their backup strategy themselves.”
He highlighted the risk of users being locked out of their data without any means of recovery.
“We encrypt data in transit, and at rest, across our products, including in Google Authenticator,” said Brand.
“E2EE is a powerful feature that provides extra protections, but at the cost of enabling users to get locked out of their own data without recovery.”
Although a welcome change, Google’s account-syncing update for Authenticator raised security concerns, because an attacker who breaches someone’s Google account could potentially gain access to several other accounts.
However, if E2EE were implemented for Authenticator, malicious actors and other third parties, including Google, wouldn’t be able to see the synced information.