pull down to refresh

Do NOT use Google Authenticator! So many mistakes in this story but that one sticks out to me as one many may not be aware of.
attackers had used his Gmail account to gain access to his Coinbase account from a VPN connection in California, providing the multi-factor code from his Google Authenticator app. Unbeknownst to him at the time, Google Authenticator by default also makes the same codes available in one’s Google account online.
As many people have said, IF you are going to use google authenticator, make sure it doesn't sync to the cloud.
reply
Yeah, for sure. But if there's a bug you are screwed. I like using an open source non-cloud solution.
These stories suck but it seems like the only way humans learn is through pain.
reply
the thing about Google is that it's always doing updates and opting in automatically
avoiding Google is a great policy
reply