Enhancing Organizational Security: Imbuing Google Authenticator’s Remarkable OTP Sync Features Throughout the Entire Enterprise

Retool, a renowned low-code platform provider, recently reported incidents in which malicious individuals gained partial access to internal systems. These individuals used phishing emails and phone calls, masquerading as employees to deceive staff members and obtain One-Time Passwords (OTP). Consequently, they were able to compromise the Google accounts of these employees.

However, Retool’s main concern lies in a new feature: OTP sync for Google Authenticator. This feature, implemented earlier this year, allows OTP synchronization across devices. Retool criticizes the feature because it effectively reduces multi-factor authentication to a single factor, giving malicious actors an avenue to gain unauthorized access to Google accounts and thereby compromise all aspects of the login process.
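Why a synced seed collapses the second factor, shown as an added example (not code from Retool or Google): a TOTP code per RFC 6238 is a function of the seed and the clock only, so a verifier cannot tell the enrolled phone from any other device that restored the same seed. The `Device` class and the `vpn` account name are hypothetical, and the seed is the public RFC 6238 test value.

```python
import hashlib
import hmac
import struct

def totp(seed: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code depends only on seed and time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(seed: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Server-side check; tolerates +/- `window` time steps of clock drift."""
    return any(
        hmac.compare_digest(totp(seed, unix_time + i * 30), code)
        for i in range(-window, window + 1)
    )

class Device:
    """Hypothetical model of an authenticator app: in effect a seed store."""
    def __init__(self, name):
        self.name, self.seeds = name, {}
    def enroll(self, account, seed):
        self.seeds[account] = seed
    def restore_from(self, cloud_backup):
        self.seeds = dict(cloud_backup)
    def code(self, account, now):
        return totp(self.seeds[account], now)

def demo(now: int = 59):
    seed = b"12345678901234567890"  # RFC 6238 test seed, not a real secret
    phone = Device("enrolled-phone")
    phone.enroll("vpn", seed)
    cloud_backup = dict(phone.seeds)  # sync enabled: seeds leave the phone
    other = Device("device-signed-in-to-same-cloud-account")
    other.restore_from(cloud_backup)
    a, b = phone.code("vpn", now), other.code("vpn", now)
    # The verifier sees only the code; device identity is never an input.
    return a, b, verify(seed, a, now), verify(seed, b, now)

if __name__ == "__main__":
    print(demo())
```

Both devices produce the same code and both pass verification, which is why control of the cloud account that holds the backup is equivalent to holding every synced OTP factor.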

To address this issue, Retool urges Google to redesign their system, either by reducing cloud-based support for OTP synchronization or, at the very least, providing enterprise account administrators with the option to disable this feature within their organizations.

TLDR: Retool has raised concerns about the OTP sync feature in Google Authenticator, stating that it renders multi-factor authentication essentially useless and allows malicious individuals to compromise Google accounts. They recommend that Google either revise the design of the feature or allow administrators to disable it within organizations.
