Google's 2FA Cloud Backup: Security Savior or Data Disaster?

Google's 2FA Cloud Backup: Security Savior or Data Disaster?

written by John Murphy | April 26, 2023

According to recent news, Google’s 2FA Cloud Backup update of Google endangers users to hacks. Google updates its popular authenticator app. This app stores the one-time code in its cloud storage. This app will also permit users to keep access to two-factor authentication.

In a blog post on 26 April, Google claimed that users are safe from a lockout, which results in increased security and convenience. Furthermore, Google said that codes store in the Google accounts of users.

Key Takeaways:

  • Google’s 2FA authenticator update stores codes in cloud storage, making users vulnerable to hacks and sim-swapping.
  • Using an old phone may be a solution to SMS 2FA issues.
  • The recent Coinbase lawsuit highlights the risk of sim-swapping scams resulting in significant financial losses.
  • Experts suggest exploring alternative authentication options due to the risks associated with SMS 2FA.
  • 2FA may have vulnerabilities, but it’s still better than having no additional authentication layer for finance and crypto-related services.

CryptoExpertz News took to Twitter and made an announcement that the new cloud backup of Google for 2FA authenticator endangers the user.

According to the post on Reddit to the r/cryptocurrency forum on 26 April, while this update helps those who lose their authenticator app on it, Redditor u/pojut stated that it also makes them more susceptible to hackers.

Moreover, securing it with cloud storage of the user’s Google account means the user’s password is accessible to anyone. Who also have full access to the authenticator-linked apps.

Google's 2FA Cloud Backup
Source: gsmarena

The user highlighted that using an old phone is a potential way around the SMS 2FA issue. These old phones use to house your authenticator app.

Similarly, the cloud storage-based solution of Google to 2FA results in complications, and Mysk, a cybersecurity developer, wars about these complications on Twitter.

Desiree took to Twitter and made an announcement that the 2FA authenticator of Google leaves users susceptible to hacks.

The user who uses a two-factor authenticator for logging in to finance-related services and crypto exchange could result in several concerns.

Sim Swapping is the most common identity fraud 2FA hack. By tricking the telecommunication provider’s telecommunication, the scammer controls the user’s phone by linking the number with their sim card.

DTM announced on Twitter that the 2FA authenticator update of Google endangers users with SIM-swapping scams and single-point hacks.

The most recent example is the legal action taken against Coinbase, a U.S.-based crypto exchange cryptocurrency. Where users lost 90% of their life savings after falling in such attacks. 

Although, a Reddit user stated that SMS 2FA is the only authentication option for cryptocurrency and fintech-related services. Users on Reddit explored the lawsuit and banned SMS 2FA.

Certik, a Blockchain Security firm, warns about the risk related to the SMS 2FA. The security expert Jesse Leclere said that the current use of 2FA is vulnerable, but also it is better than nothing.