Switch From Google Authenticator to a More Secure 2FA App
According to a recent report from Nightwatch Cybersecurity, the Google Authenticator app for Android has an unresolved issue that could create a big security nightmare if you have any malware or other non-standard apps installed on your device. (The Microsoft Authenticator app for Android has the same issue, so don’t switch to that app just yet.)
Both apps, at the time of this writing, do not use the Android FLAG_SECURE setting, which prevents other apps (and you) from taking screenshots. Don’t believe me? Open Google Authenticator on Android and take a screenshot by holding down the power button + bottom volume button. Boom. Screenshot. Try this in an app like Authy and you can hold down the buttons for as long as you want – nothing.
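For reference, this is how an Android app opts in to the FLAG_SECURE setting described above. It is an added example, not code from Google Authenticator, Microsoft Authenticator or Authy; the SecureApp class name is hypothetical, and the class is assumed to be registered as the application class in the manifest.

```java
// Added example: SecureApp is a hypothetical class, not taken from any
// authenticator app. It must be declared in AndroidManifest.xml via
// <application android:name=".SecureApp" ...> to take effect.
import android.app.Activity;
import android.app.Application;
import android.os.Bundle;
import android.view.WindowManager;

public class SecureApp extends Application
        implements Application.ActivityLifecycleCallbacks {

    @Override
    public void onCreate() {
        super.onCreate();
        // Hook every Activity in the app so that no screen showing
        // one-time codes is left without the flag by oversight.
        registerActivityLifecycleCallbacks(this);
    }

    @Override
    public void onActivityCreated(Activity activity, Bundle savedInstanceState) {
        // FLAG_SECURE tells the system to treat this window's content as
        // secure: it is left out of screenshots and screen recordings
        // and is not shown on non-secure displays.
        activity.getWindow().setFlags(
                WindowManager.LayoutParams.FLAG_SECURE,
                WindowManager.LayoutParams.FLAG_SECURE);
    }

    // The interface requires the remaining callbacks; they are unused here.
    @Override public void onActivityStarted(Activity activity) {}
    @Override public void onActivityResumed(Activity activity) {}
    @Override public void onActivityPaused(Activity activity) {}
    @Override public void onActivityStopped(Activity activity) {}
    @Override public void onActivitySaveInstanceState(Activity activity, Bundle outState) {}
    @Override public void onActivityDestroyed(Activity activity) {}
}
```

The flag applies per window. Dialogs and popups open their own windows, so an app that shows codes in one has to set the flag on that window as well.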
While Google will definitely fix this issue at some point, Authy is a much better app for managing your 2FA codes anyway. Not only can you secure the app with additional verification steps – so that someone who tinkers with your unlocked device can’t access your codes without your input – but deploying the app across multiple devices is easy. Once you’ve installed the app on a new device and verified your identity, all the 2FA codes synced on your main device will automatically appear on your new one. You now have two devices that you can use when logging into websites and services, and it took you about as long to set up as it did to download Authy in the first place.
If you don’t want to use Authy for any reason, you should at least check whether your authenticator app allows you to take screenshots. If it does, pick a different app; if it doesn’t, it is probably safe to use.