{"id":51694,"date":"2023-04-26T14:41:45","date_gmt":"2023-04-26T14:41:45","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/34551\/Googles-New-Two-Factor-Authentication-Isnt-End-To-End-Encrypted.html"},"modified":"2023-04-26T14:41:45","modified_gmt":"2023-04-26T14:41:45","slug":"googles-new-two-factor-authentication-isnt-end-to-end-encrypted","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\/","title":{"rendered":"Google&#8217;s New Two-Factor Authentication Isn&#8217;t End-To-End Encrypted"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fill,f_auto,fl_progressive,g_center,h_675,pg_1,q_80,w_1200\/9354bffcbe367a17f3bb8a4594c98ce0.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p class=\"sc-77igqf-0 fnnahv\">A new <span><a class=\"sc-1out364-0 dPMosf sc-145m8ut-0 jCErAQ js_link\" data-ga=\"[[&quot;Embedded Url&quot;,&quot;Internal link&quot;,&quot;https:\/\/gizmodo.com\/how-to-easily-switch-your-two-factor-security-to-a-new-1821808681&quot;,{&quot;metric25&quot;:1}]]\" href=\"https:\/\/gizmodo.com\/how-to-easily-switch-your-two-factor-security-to-a-new-1821808681\">two-factor authentication tool<\/a><\/span> from Google isn\u2019t end-to-end encrypted, which could expose users to significant security risks, a test by security researchers found.<\/p>\n<div class=\"sc-1needdh-1 eZHmRR\">\n<div class=\"sc-1needdh-0 jLsF instream-native-video instream-permalink instream-native-video--mobile\">\n<div class=\"sc-1h0epat-0 jzEBNo\">\n<div class=\"sc-1wkneyl-4 kDKXjm video-html5-playlist\" data-playlist=\"193940,190911,190298\" data-current=\"193940\">\n<div class=\"sc-1wkneyl-0 hAZDOz video-html5-loaded\">\n<div class=\"sc-1wkneyl-1 jShsAa video-html5-player\">\n<div class=\"sc-lhhce6-0 kCklUE video-html5 autoplay muted mobile\" data-video-id=\"193940\" data-monetizable=\"true\" data-position=\"sidebar\" data-video-title=\"Why Banning TikTok Won\u2019t Protect Our Privacy\" data-video-blog-id=\"4\" data-video-network=\"gizmodo\" data-video-duration=\"188\" readability=\"4.5\">\n<div class=\"sc-lhhce6-2 emBeiF video-top-bar\" readability=\"7\">\n<p>Why Banning TikTok Won\u2019t Protect Our Privacy<\/p>\n<\/div>\n<p><video disablepictureinpicture muted playsinline width=\"100%\" height=\"100%\" crossorigin=\"anonymous\" preload=\"none\"><source data-src=\"https:\/\/vid.kinja.com\/prod\/193940\/193940_240p.mp4\" label=\"240p\" type=\"video\/mp4\"><source data-src=\"https:\/\/vid.kinja.com\/prod\/193940\/193940_480p.mp4\" label=\"480p\" type=\"video\/mp4\"><source data-src=\"https:\/\/vid.kinja.com\/prod\/193940\/193940_720p.mp4\" label=\"720p\" type=\"video\/mp4\"><source data-src=\"https:\/\/vid.kinja.com\/prod\/193940\/193940_1080p.mp4\" label=\"1080p\" type=\"video\/mp4\"><track kind=\"captions\" label=\"English\" src=\"https:\/\/kinja.com\/api\/videoupload\/caption\/19403.vtt\" srclang=\"en\"><\/video><\/p>\n<div class=\"sc-1yhvqfu-3 ghtqRH video-controls\">\n<div class=\"sc-1yhvqfu-2 elBHkL\">\n<div class=\"sc-1sfctwm-2 fXTnmP closed-captions-box hide\">\n<div class=\"sc-1sfctwm-1 jglhFk\">\n<div class=\"sc-1sfctwm-0 hbyQRD\">\n<ul>\n<li class=\"selected\" data-label>Off<\/li>\n<li class data-label=\"English\">English<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"sc-77igqf-0 fnnahv\">Google\u2019s Authenticator app provides unique codes that website logins may ask for as a second layer of security on top of passwords. On Monday, Google announced a long-awaited feature, which lets you sync Authenticator to a Google account and use it across multiple devices. That\u2019s great news, because in the past, you could end up locked out of your account if you lost the phone with the authentication app installed.<\/p>\n<div class=\"sc-17kx9cd-5 kDVAgq js_ad-mobile-dynamic js_ad-dynamic ad-mobile-dynamic\">\n<div class=\"sc-17kx9cd-4 bNalOf ad-unit ad-mobile\">\n<p>Advertisement<\/p>\n<\/div>\n<\/div>\n<p class=\"sc-77igqf-0 fnnahv\">But when app developers and security researchers at the software company Mysk took a look under the hood, they found the underlying data isn\u2019t end-to-end encrypted.<\/p>\n<p class=\"sc-77igqf-0 fnnahv\">\u201cWe tested the feature as soon as Google released it. We realized that the app didn\u2019t prompt or offer an option to use a passphrase to protect the secrets,\u201d said Tommy Mysk, one of the researchers who uncovered the problem, in a conversation with Gizmodo.<\/p>\n<div class=\"sc-bxm4mm-7 jKZusJ\">\n<div class=\"sc-17kx9cd-5 kDVAgq\">\n<div class=\"sc-bxm4mm-0 cfXsIw\">\n<div class=\"sc-17kx9cd-4 bNalOf ad-unit ad-mobile\">\n<p>Advertisement<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"sc-77igqf-0 fnnahv\">When Mysk and his partner Talal Haj Bakry analyzed the network traffic as the app synced with Google servers, they found the data is not not end-to-end encrypted.\u201cThis means that Google can see the secrets, likely even while they\u2019re stored on their servers,\u201d the Mysk team wrote on <span><a class=\"sc-1out364-0 dPMosf sc-145m8ut-0 jCErAQ js_link\" data-ga=\"[[&quot;Embedded Url&quot;,&quot;External link&quot;,&quot;https:\/\/twitter.com\/mysk_co\/status\/1651021165727477763&quot;,{&quot;metric25&quot;:1}]]\" href=\"https:\/\/twitter.com\/mysk_co\/status\/1651021165727477763\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter<\/a><\/span>. In the security community, \u201csecrets\u201d is the term for credentials that work as a key to unlock an account or a tool.<\/p>\n<p class=\"sc-77igqf-0 fnnahv\">You can use Google Authenticator without tying it to your Google account or syncing it across devices, which avoids this issue. Unfortunately, that means it might be best to avoid a useful feature that users spent years clamoring for. \u201cThe bottom line: although syncing 2FA secrets across devices is convenient, it comes at the expense of your privacy,\u201d Mysk wrote. \u201cWe recommend using the app without the new syncing feature for now.\u201d<\/p>\n<div class=\"sc-17kx9cd-5 kDVAgq js_ad-mobile-dynamic js_ad-dynamic ad-mobile-dynamic\">\n<div class=\"sc-17kx9cd-4 bNalOf ad-unit ad-mobile\">\n<p>Advertisement<\/p>\n<\/div>\n<\/div>\n<p class=\"sc-77igqf-0 fnnahv\">The tests found the unencrypted traffic contains a \u201cseed\u201d that\u2019s used to generate the two-factor authentication codes. According to Mysk, anyone with access to that seed can generate their own codes for your accounts and break in.<\/p>\n<p class=\"sc-77igqf-0 fnnahv\">\u201cIf Google servers were compromised, secrets would leak,\u201d Mysk said. Adding insult to injury, QR codes involved with setting up two-factor authentication also contain the name of the account or service (Amazon or Twitter, for example). \u201cThe attacker can also know which accounts you have. This is particularly risky if you\u2019re an activist and run other Twitter accounts anonymously.\u201d<\/p>\n<div class=\"sc-17kx9cd-5 kDVAgq js_ad-mobile-dynamic js_ad-dynamic ad-mobile-dynamic\">\n<div class=\"sc-17kx9cd-4 bNalOf ad-unit ad-mobile\">\n<p>Advertisement<\/p>\n<\/div>\n<\/div>\n<p class=\"sc-77igqf-0 fnnahv\">But it\u2019s not just cyber criminals you need to worry about. \u201cGoogle or Google staff can access this data,\u201d Mysk said.<\/p>\n<div class=\"sc-17kx9cd-5 kDVAgq js_ad-mobile-dynamic js_ad-dynamic ad-mobile-dynamic\">\n<div class=\"sc-17kx9cd-4 bNalOf ad-unit ad-mobile\">\n<p>Advertisement<\/p>\n<\/div>\n<\/div>\n<p class=\"sc-77igqf-0 fnnahv\">Google acknowledged that the data is not end-to-end encrypted, but said the security feature is coming at some point. <\/p>\n<p class=\"sc-77igqf-0 fnnahv\">\u201cEnd-to-End Encryption (E2EE) is a powerful feature that provides extra protections, but at the cost of enabling users to get locked out of their own data without recovery,\u201d said Christiaan Brand, group product manager at Google. \u201cTo ensure that we\u2019re offering a full set of options for users, we have also begun rolling out optional E2EE in some of our products, and we plan to offer E2EE for Google Authenticator in the future.\u201d Braand posted a <span><a class=\"sc-1out364-0 dPMosf sc-145m8ut-0 jCErAQ js_link\" data-ga=\"[[&quot;Embedded Url&quot;,&quot;External link&quot;,&quot;https:\/\/twitter.com\/christiaanbrand\/status\/1651279598309744640&quot;,{&quot;metric25&quot;:1}]]\" href=\"https:\/\/twitter.com\/christiaanbrand\/status\/1651279598309744640\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter thread<\/a><\/span> with more details.<\/p>\n<div class=\"sc-17kx9cd-5 kDVAgq js_ad-mobile-dynamic js_ad-dynamic ad-mobile-dynamic\">\n<div class=\"sc-17kx9cd-4 bNalOf ad-unit ad-mobile\">\n<p>Advertisement<\/p>\n<\/div>\n<\/div>\n<p class=\"sc-77igqf-0 fnnahv\">The lack of encryption means Google could in theory look at the data and learn what apps and services you use, which can be valuable for a number of purposes, including targeted ads. \u201cAllowing a tech giant thirsty for data like Google to establish a graph of all accounts and services each user has is not a good thing,\u201d Mysk said.<\/p>\n<div class=\"sc-17kx9cd-5 kDVAgq js_ad-mobile-dynamic js_ad-dynamic ad-mobile-dynamic\">\n<div class=\"sc-17kx9cd-4 bNalOf ad-unit ad-mobile\">\n<p>Advertisement<\/p>\n<\/div>\n<\/div>\n<p class=\"sc-77igqf-0 fnnahv\"> The issue comes as a surprise, given Google\u2019s history with similar tools. Google has a vaguely similar feature that lets you sync data from Google Chrome across devices. There, the company gives users <span><a class=\"sc-1out364-0 dPMosf sc-145m8ut-0 jCErAQ js_link\" data-ga=\"[[&quot;Embedded Url&quot;,&quot;External link&quot;,&quot;https:\/\/support.google.com\/chrome\/answer\/165139&quot;,{&quot;metric25&quot;:1}]]\" href=\"https:\/\/support.google.com\/chrome\/answer\/165139\" target=\"_blank\" rel=\"noopener noreferrer\">the option to set up a password<\/a><\/span> to protect that data, keeping it away from prying eyes at Google and protecting it from anyone else who might intercept it. <\/p>\n<p class=\"sc-77igqf-0 fnnahv\"> \u201c2FA secrets are considered sensitive data, just like passwords. Google already supports passphrases for syncing Chrome data. So we expected that 2FA secrets be treated the same,\u201d Mysk said.<\/p>\n<div class=\"sc-17kx9cd-5 kDVAgq js_ad-mobile-dynamic js_ad-dynamic ad-mobile-dynamic\">\n<div class=\"sc-17kx9cd-4 bNalOf ad-unit ad-mobile\">\n<p>Advertisement<\/p>\n<\/div>\n<\/div>\n<p class=\"sc-77igqf-0 fnnahv\"><em>Update, Apr. 26, 3:45 pm EST:<\/em> This story has been updated with a comment from Google. <\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/34551\/Googles-New-Two-Factor-Authentication-Isnt-End-To-End-Encrypted.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":51695,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[10495],"class_list":["post-51694","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlineflawgooglepasswordcryptography"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Google&#039;s New Two-Factor Authentication Isn&#039;t End-To-End Encrypted 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Google&#039;s New Two-Factor Authentication Isn&#039;t End-To-End Encrypted 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-04-26T14:41:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fill,f_auto,fl_progressive,g_center,h_675,pg_1,q_80,w_1200\/9354bffcbe367a17f3bb8a4594c98ce0.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Google&#8217;s New Two-Factor Authentication Isn&#8217;t End-To-End Encrypted\",\"datePublished\":\"2023-04-26T14:41:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\\\/\"},\"wordCount\":736,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted.jpg\",\"keywords\":[\"headline,flaw,google,password,cryptography\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\\\/\",\"name\":\"Google's New Two-Factor Authentication Isn't End-To-End Encrypted 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted.jpg\",\"datePublished\":\"2023-04-26T14:41:45+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted.jpg\",\"width\":1200,\"height\":675},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,flaw,google,password,cryptography\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlineflawgooglepasswordcryptography\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Google&#8217;s New Two-Factor Authentication Isn&#8217;t End-To-End Encrypted\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Google's New Two-Factor Authentication Isn't End-To-End Encrypted 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\/","og_locale":"en_US","og_type":"article","og_title":"Google's New Two-Factor Authentication Isn't End-To-End Encrypted 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-04-26T14:41:45+00:00","og_image":[{"url":"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fill,f_auto,fl_progressive,g_center,h_675,pg_1,q_80,w_1200\/9354bffcbe367a17f3bb8a4594c98ce0.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Google&#8217;s New Two-Factor Authentication Isn&#8217;t End-To-End Encrypted","datePublished":"2023-04-26T14:41:45+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\/"},"wordCount":736,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/04\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted.jpg","keywords":["headline,flaw,google,password,cryptography"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\/","url":"https:\/\/www.threatshub.org\/blog\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\/","name":"Google's New Two-Factor Authentication Isn't End-To-End Encrypted 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/04\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted.jpg","datePublished":"2023-04-26T14:41:45+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/04\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/04\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted.jpg","width":1200,"height":675},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/googles-new-two-factor-authentication-isnt-end-to-end-encrypted\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,flaw,google,password,cryptography","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlineflawgooglepasswordcryptography\/"},{"@type":"ListItem","position":3,"name":"Google&#8217;s New Two-Factor Authentication Isn&#8217;t End-To-End Encrypted"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51694","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=51694"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51694\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/51695"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=51694"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=51694"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=51694"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}