The very recent oopsie whoopsie by Google has got to be one of the very worst ever:
Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices.
[...]
We analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted. As shown in the screenshots, this means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets, to make them accessible only by the user.
Source: twitter.com/mysk_co/status/1651021...
Google has since announced that they have plans to offer proper encryption "down the line" 🤠
Source: twitter.com/christiaanbrand/status...
Wow, welp, I was interested in using this feature but if it's not encrypted on-device with my own keys, then no thanks, I'll just continue keeping a pile of recovery codes in my safe deposit box.