#2FA: I’m using the Google Authenticator app but I’d like to replace it. Which 2FA app should I give a try instead? I’d much prefer something open source.
Remember when Google Authenticator started syncing 2FA codes to the cloud? Companies are now getting hacked thanks to this "feature". An attacker gained access to a GSuite account via phishing and could then just use the 2FA codes that were previously only residing on employees phones.
If you are using cloud sync on Google Authenticator, don’t. The syncing process is unencrypted, which is bad because Google can see them. If Google’s server get hacked, an attacker can gain access to them.
End to End Encryption will eventually come, but I would avoid Google Authenticator and use something else.