Is it possible to steal the seed code that is used to create the google authenticator token in the app?
For example: If I added 2FA code for my reddit account in my google authenticator app using QR code scan option, and later my phone gets infected with an RAT or any such serious spyware or malware, will it be possible for the attacker to steal use my current 2FA otp to find out the seed phrase to my 2FA account?
there’s also a possibility that when I am about to transfer my authenticator codes to another phone using QR code transfer option, my RAT/Spyware infected phone’s screen can be visible to the attacker thus ultimately allowing the attacker to copy my QR code and have access to all my 2FA codes without my knowledge.
After all these stupid paranoid thoughts I am beginning to wonder is 2FA truly safe? Is google authenticator worth all the worship that it gets??
Same goes for apps like authy that backup your 2FA tokens, is it not possible to steal the seed phrases that are used to create these tokens in the first place? Can anyone not steal my 2FA codes using malwares?? doesn’t this require us to ultimately recreate all the 2FA tokens every once in a while to truly obtain virtual security??