Dear Matrixport user,
We would like to highlight some potential risks associated with using Google Authenticator as your two-factor authentication (2FA) method, particularly in light of recent updates to the tool. The latest app version of Google Authenticator (6.0 on Android or 4.0 on iOS), now offers code synchronisation to the cloud. While this may seem convenient, enabling this feature could potentially increase the security risk of your account, as the synchronisation is not end-to-end encrypted.
Google Authenticator is a dynamic password tool for 2FA that stores your private key and generates a one-time password based on time dynamics. In light of its functionality, the following risks are present if code synchronisation to the cloud is enabled:
- When you enable cloud syncing, Google will back up your 2FA codes to the cloud. Without end-to-end encryption, there is a risk of key leakage during this process.
- If the Google account you use for 2FA is the same one linked to your Matrixport account, with cloud syncing enabled, your Matrixport account and any other account(s) associated with that email could be at risk should your Google account be compromised.
In view of the above, we strongly recommend that if you are using Google Authenticator as a 2FA method for Matrixport, that you either disable the code synchronisation to the cloud feature or consider switching to another key validator that employs encryption on the cloud.
How to Disable Cloud Syncing for Google Authenticator:
- Open the Google Authenticator app on your mobile device.
- Tap your profile photo.
- Select “Use without account”.
- Tap “Continue”.
Your security is our utmost priority. Should you have any questions or require further support, please contact our customer support team at Telegram (https://t.me/matrixport) or email (email@example.com).