I love when Google has my details to my Bank Accounts, it's like their not selling it to brokers!
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
PSA: Google Authenticator's Cloud-Synced 2FA Codes Aren't End-to-End Encrypted
- Thread starter MacRumors
- Start date
- Sort by reaction score
You think Google is going to let Apple put engineers in their data centers? Come on, I know "Google bad, Apple good" but that level of mental gymnastics causes synapse cramps.
To be fair, Apple Music is also a music store with social media features and provides personalized music recommendations. It needs to collect/store most of these kinds of info since it literally needs them to function. An authenticator app should require none of these things. If you look at Apple apps that don't need these data and compare them with similar apps in the same category, Apple's data collection is typically minimal.Wait until you see how much data is linked to you from this "wholesale collection" app
Apple Music
Apple Music is all about the music, with the highest audio quality; exclusive, in-depth content and unparalleled access to the artists you love–all ad-free. • Get unlimited access to 100 million songs. • Listen to personalized new releases and find out about big moments in music, handpicked by...apps.apple.com
View attachment 2194366
For example,
Apple Mail:
Versus Gmail:
Attachments
Last edited:
Has nothing to do with good or bad...
As the top customer, bringing in billions, you can demand a lot, including special treatment. Having your own people on site may be one of those things, but I don't know, maybe a data center specialist reading this can enlighten us if thats a possibility or not.
That can be the only reason that I see. I expect that after the Apple VS FBI thing a few years ago, national security letters have been written to all tech companies and we'll not see additional end to end encryption from any of them.
This is why it is so important to get side-loading. So smaller or open source entities can provide what is prohibited from the government.
That's not how any of this stuff works. Larger customers like Apple typically will run they own systems on top of Azure, AWS, Google Cloud etc. They are most likely not relying on the built-in tools created by cloud providers and are mainly purchasing compute and data storage capacities. And no, this doesn't necessarily need to involve special treatment (though Apple probably gets some given their size).
I don't see how that has anything to do with side loading. A lot of password /2FA apps on the App Store that has cloud syncing are end-to-end encrypted, not to mention iCloud Keychain has always been as well. Apple also recently added end to end encryption for the rest of iCloud as well, so it's definitely not prohibited (although I'm sure companies are getting push back from intelligence agencies when they do make these features).
Thats what I meant with leasing bare hardware. I just cannot imagine some Apple employee sitting at a desk in Cupertino, opening up the Google Drive webapp, selecting a bunch of iCloud folders and clicking upload 😄
Where exactly does Google store the backups? At least with Microsoft Authenticator, you can backup/sync to iCloud. Too bad Google Authenticator doesn't do the same, but I suppose that wouldn't be very Google-like of them.
It's also a bit unfortunate that a lot of companies (i.e. Nintendo) say to use Google Authenticator for 2FA...as if that's the only solution out there. There are plenty of other apps that will work with 2FA, but some people just don't know any better.
It's also a bit unfortunate that a lot of companies (i.e. Nintendo) say to use Google Authenticator for 2FA...as if that's the only solution out there. There are plenty of other apps that will work with 2FA, but some people just don't know any better.
Last edited:
You never know. Maybe Apple engineers falling asleep while dragging and dropping folders is why we have iCloud downtimes
I feel the exact opposite, just look at how many breaches have happened with aws customers! if aws had better default security policies most of those wouldnt have happened, I would much rather trust my data on GCP then any other cloud.
No one should trust LastPass at this point.
WTF. This is not acceptable at all. How is this such a small announcement? Many organizations rely on GCP for authentication and this shows a recklessness I would be nervous about.
echoing this. I switched to raivo a year or two ago and haven't looked back. Can't recommend it enough
Oohhh
Ooh, didn’t know that. Time to switch services, I think!
Shame the Keychain GUI is so “un-Apple”. I hope they make it a more useful and user-friendly app soon.
Ooh, didn’t know that. Time to switch services, I think!
Shame the Keychain GUI is so “un-Apple”. I hope they make it a more useful and user-friendly app soon.
Been using them for many years, without trouble (yes, I know they were hacked, more than once, and their PBKDF2 defaults were too weak - something I fixed on my account from day one). Hopefully now they're out from the GoTo shackles, that mess can be cleaned up. Would I have gone with them had I known what I know now, but it was between them and 1Password and the latter didn't have the features I wanted at the time.
Back on topic, thanks for the PSA, I'm currently using multiple 2FA apps. No idea why! Must consolidate (away from Google, probably).
Oops. Is there a way to turn the cloud sharing off and still use the app?
The new prison for dangerous convicts had no locks or doors.
In a statement the governor of the new prison said ’for convenience, we opened the prison early and started putting the prisoners in their cells. But don’t worry, locks and doors and cameras and all sorts of nice stuff is still on the way!’
In a statement the governor of the new prison said ’for convenience, we opened the prison early and started putting the prisoners in their cells. But don’t worry, locks and doors and cameras and all sorts of nice stuff is still on the way!’
I don't have much of a choice. My company enforces the use of LastPass for Business. I can choose to not use a password manager or use LastPass.