Security organization Dilation Effect posted six key recommendations for using Google Authenticator (GA) on the social platform X yesterday (the 13th), including not storing the key in the cloud and disabling the GA app's cloud backup.
Recently, the exchanges Binance and OKX have each reported incidents of user assets being stolen, prompting experts to recommend that users enable two-factor authentication (2FA) to protect their accounts. A new incident has since raised further concern among investors: the Singaporean market maker QuantMatter was protecting its OKX account with the GA authenticator in offline mode, yet hackers still stole $11 million from that account.
Under normal circumstances, hackers should not be able to obtain verification codes from an offline Google Authenticator; further investigation is required to establish the details.
Security organization “Dilation Effect” published a post on the social platform X yesterday (the 13th) emphasizing six key points for improving users' online security when using Google Authenticator (GA):
1. When binding GA, take care to store the key properly (it can be used to recover GA). The key can be kept securely by writing it down on paper or by saving it in software such as 1Password. Do not store it in the cloud.
The recommendation is to keep the key in the most secure place available that has no internet access.
2. Make sure the GA app's cloud backup function is disabled, so that GA verification codes can be viewed and obtained only on your phone.
3. Use reliable GA apps, such as Google Authenticator, Microsoft Authenticator, Duo Mobile, and Okta Verify, and make sure they are downloaded and installed from mainstream app stores.
4. Use GA through the recommended mobile apps listed above rather than PC programs or browser plug-ins adopted out of convenience. Do not use applications such as Authy Desktop, WinAuth, http://authenticator.cc, and the like.
5. Google Authenticator offers a “privacy protection screen” option that requires Face ID or a fingerprint to open the app. This option can be enabled in the settings.
6. Users who are able to do so can use a dedicated offline mobile phone for GA. Additionally, GA codes are time-based, so verification works only if the phone's clock is set accurately.
In conclusion, Dilation Effect reminds users to remain vigilant about their account passwords, personal information, and wallet private keys, so as to avoid losses from hackers and other malicious actors in today's internet environment.