October 12, 2021

Is Google authenticator fool proof?

Is it possible to steal the seed code that is used to create the google authenticator token in the app?

For example: If I added 2FA code for my reddit account in my google authenticator app using QR code scan option, and later my phone gets infected with an RAT or any such serious spyware or malware, will it be possible for the attacker to steal use my current 2FA otp to find out the seed phrase to my 2FA account?

there’s also a possibility that when I am about to transfer my authenticator codes to another phone using QR code transfer option, my RAT/Spyware infected phone’s screen can be visible to the attacker thus ultimately allowing the attacker to copy my QR code and have access to all my 2FA codes without my knowledge.

After all these stupid paranoid thoughts I am beginning to wonder is 2FA truly safe? Is google authenticator worth all the worship that it gets??

Same goes for apps like authy that backup your 2FA tokens, is it not possible to steal the seed phrases that are used to create these tokens in the first place? Can anyone not steal my 2FA codes using malwares?? doesn’t this require us to ultimately recreate all the 2FA tokens every once in a while to truly obtain virtual security??

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.