Security agencies put forward some suggestions on the use of GA: Key should not be saved on the cloud disk, turn off the cloud backup function of the GA APP, etc
On June 13, the security agency Dilation Effect summarized several considerations for using Google Authenticator (GA):
1. When binding GA, pay attention to the proper storage of the key (the key can be used for subsequent GA retrieval); the key can be copied on paper and kept properly, or it can be stored in software such as 1Password; do not save it on the cloud disk.
2. Be sure to turn off the cloud backup function of the GA APP to ensure that the GA verification code can only be viewed and obtained through your mobile phone;
3. Use reliable GA apps, including Google Authenticator, Microsoft Authenticator, Duo Mobile, Okta Verify; and make sure to download and install from mainstream app stores.
4. Use GA through the mobile APP recommended above, instead of using PC programs or browser plug-ins for convenience. Do not use Authy Desktop, WinAuth, authenticator.cc, etc.
5.Google Authenticator can turn on the "Privacy Protection Screen" option, and use Face ID or fingerprint to enter the APP; you can turn this option on in the settings.
6. Conditional users can use a special mobile phone and use GA offline; GA is time-dependent, so only if the mobile phone time is set accurately can it pass the GA check normally.