Beware rogue 2FA apps in App Store and Google Play

Discussion in 'mobile device security' started by waking, Feb 28, 2023.

  1. waking

    waking Registered Member

    Joined:
    Jan 25, 2016
    Posts:
    176
    Beware rogue 2FA apps in App Store and Google Play – don’t get hacked!

    27 Feb 2023
    by Paul Ducklin

    https://nakedsecurity.sophos.com/2023/02/27/beware-rogue-2fa-apps-in-app-store-and-google-play-dont-get-hacked/

    "... you can find an extensive, and tempting, range of authenticators just by
    searching for Authenticator app in Google Play or the App Store.

    The problem is that there is an improbable, perhaps even imponderable, number of
    such apps, all apparently endorsed for quality by their acceptance into Apple's
    and Google's official 'walled gardens'.

    In fact, friends of Naked Security @mysk_co just emailed us to say that they'd
    gone looking for authenticator apps themselves, and were somewhere between
    startled and shocked at what they found.

    Tommy Mysk, co-founder of @mysk_co, put it plainly and simply in an email:

    'We analysed several authenticator apps after Twitter had stopped the SMS
    method for 2FA. We saw many scam apps looking almost the same. They all
    trick users to take out a yearly subscription for $40/year. We caught four
    that have near identical binaries. We also caught one app that sends every
    scanned QR code to the developer's Google analytics account.' "
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    Yes, it doesn't surprise me. I already figured out that most of these 2FA apps are probably fake and shady as hell. It's probably best to stick to the well-known ones, like from Google, Microsoft and Authy.
     
  3. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    6,293
    I use 2FAs and the MS Authenticator (for work, mandatory).
    (Authy failed here on Firefox account when I started using it.)

    And I won't pay a dime for this. There is reason to ask for recommended apps in such cases and not to test blind.
     
  4. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,724
    Location:
    Philippines
    Using 2FA for a lot of things now, forced into it. Also use Google Authenticator, again forced into using it.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    I assume you mean this app, right? See link. It's also a lesser-known company, but I wonder if rogue 2FA apps can actually hack into your account. I guess I must read the article again.

    https://2fas.com
     