A new version of Google Authenticator has recently been released with a cloud sync feature. Since this feature doesn't use end-to-end encryption, enabling cloud synchronization may increase the security risk for users using Google Authenticator.
Based on its characteristics, turning on the cloud sync feature has the following risks:
1. If you enable cloud synchronization, Google will back up your private key to the cloud, but the network transfer process is not end-to-end encrypted and there is a risk that the private key will be compromised during the transfer.
2. If your Google account is hacked, your password and private key are at security risk, and hackers may log into your exchange account and other accounts that require secondary authentication.
For the above reasons, if you are using Google Authenticator for secondary authentication on any exchange, we recommend that you turn off the Google Authenticator cloud sync feature or use another cloud-based encrypted private key authentication application.