Google Authenticator to get E2EE following complaints it is now less secure

A padlock icon next to a person working on a lapto
(Image credit: Shutterstock)

It appears the new 2FA account cloud-syncing feature in Google Authenticator isn't end-to-end encrypted, but this feature will be coming at a later date.

Google recently updated its authenticator app to allow users to back up their saved accounts that require a Time-based One Time Passcode (TOTP) to authenticate their login, meaning that they can now easily transfer them to a new device. 

However, security researchers Mysk sent out a tweet advising against turning on this functionality, as it isn't end-to-end encrypted, meaning that Google or a third-party if the tech giant is breached, could see your codes. 

Convenience trade-off

End-to-end encryption is a security and privacy enhancing feature that obfuscates sensitive content so that it can only be decoded with a key, such as a password. For instance, it is the cornerstone of popular messaging app such as WhatsApp, ensuring that content can only ever be seen by the sender and receiver - not even WhatsApp itself can take a peek. 

Christiaan Brand, Product Manager for identity and Security, defended the omission by saying that the tech giant's "goal is to offer features that protect users, BUT are useful and convenient."

He added that "We encrypt data in transit, and at rest, across our products, including in Google Authenticator. E2EE... provides extra protections, but at the cost of enabling users to get locked out of their own data without recovery."

However, he also said that E2EE will be coming to various Google products, including now the authenticator, sometime "down the line". He noted too that the app can still be used offline without having to sync 2FA accounts to their Google Account. 

If you are using the Google Authenticator, then you may be using it conjunction with the Google Password Manager. While it isn't our choice as the best password manager, it does allow for on-device encryption, which means that your own device stores the key internally to unlock access to your vault. Also, Google says that this key is used to "lock your passwords before they’re saved to Google Password Manager", which means that, like end-to-end encryption, your passwords cannot be seen Google or anyone else but you. 

Google does caution, though, that this means that "if you lose the key, you could lose your passwords too.” But this on-device decryption could be part of the push from Google and other big tech firms to ditch passwords altogether in favor of passkeys, which they want to be future of credential security.

Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.

Read more
Person using a tablet in an office
Best authenticator app of 2025
Isometric demonstrating multi-factor authentication using a mobile device.
Google is ditching SMS - and will now use QR codes for Gmail account authentication
Actalis SSL encryption
Apple is right not to bow down to the UK government's encryption backdoor request - but users should still be angry
Person using finger print authentication
Passwords out, passkeys in: The future of secure authentication
Google Pixel 9 Pro
Google Password Manager may be set to introduce a nuclear option for its Android app
Woman using iMessage on iPhone
UK government guidelines remove encryption advice following Apple backdoor spat
Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Latest in News
Lenovo | Thinkpad T14s Gen 6 Snapdragon
Windows 11’s latest patch declares war on BIOS updates for some Lenovo laptops, blocking them as a security risk in a bizarre turn of events
Tomodachi Life: Living the Dream screenshot showing a Mii smelling some fresh flowers.
Tomodachi Life: Living the Dream is a sequel to my favorite 3DS game, and I think it's already packing the charm that inZOI lacks
Google Pixel Watch 3 side dial and button
Google Gemini reportedly spotted on Wear OS – could a rollout be close at hand?
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Toni Collette in Hereditary
Everything leaving Netflix in April 2025 – from the scariest movie ever made to a beloved DreamWorks animation with 99% on Rotten Tomatoes