Google Authenticator still syncs two-factor authentication secrets without E2EE. If you enable cloud syncing, this means:

1️⃣ Google can read the secrets and generate one-time passwords for your accounts
2️⃣ Google knows the services you use
3️⃣ #Google knows your usernames
4️⃣ Given a court order, Google is obliged to hand over this data to law enforcement

#Privacy #privacymatters #CyberSecurity #infosec
defcon.social/@mysk/1102623132

@mysk
I for one would NEVER use #Google Auth. I would NEVER use Google for anything relevant for #security or #privacy. I would NEVER use Google at all. I refuse to correspond to gmail. And so forth.

@PC_Fluesterer @mysk I'm with you here. I tried to explain this to our HR department that there exist people who want to and can live without . Got weird responses.

@PC_Fluesterer @mysk Basically: "There are no such people. Not in the business world."

But I am a people (should have been my response)
