Google has confirmed it plans to bring end-to-end encryption (E2EE) to Google Authenticator sync, a noticeable omission from the product’s launch.
Google recently upgraded Authenticator to include sync functionality, giving users the ability to sync their two-factor authentication (2FA) tokens across their devices. E2EE was noticeably absent, however, raising serious concerns about the service’s security.
Google’s Christiaan Brand has addressed the concerns, reassuring users that E2EE is planned.
It’s nice to know that Google plans on implementing E2EE in Authenticator’s sync functionality, but it should have been included from day one. E2EE protects sensitive data so that no one other than the user can access and use it, even if the server it resides on is compromised and the data stolen.
Given the importance and security implications of 2FA tokens, it’s hard to imagine what Google was thinking in releasing the sync functionality without E2EE.