Every 2FA works everywhere. The site has no idea if you are scanning the QR code with Google, Authy, andOTP, Aegis, or any other app. Hell, you could be writing down the shared secret and calculating your code by hand if there wasn't a time limit. The website doesn't know. All it cares about is the code you return.
Strange, but Yobit, for example, is not working with any authenticator but Google:
"Two-factor authorization (2fa) improves safety dramatically requesting not only login-password, but also special authorization code. Yobit.net uses 2fa of Google Authenticator utility. To use this possibility please download Google Authenticator on your mobile phone and scan QR-code."
I thought that every authenticator should have its own algo inside it, and on the exchange there is a server part of the app, while the customer has a client part.
So once a customer scans the code which the server gives him, they are synchronized to each other.
Open source doesn't mean anyone can edit it and push changes to the app stores. It means anyone can view the code and suggest changes. Changes still have to be agreed upon by the developers, and the community will see these changes before they go live. Compare that with Google Authenticator, which could have any code added to it and everyone would be none the wiser. Just because it is released by Google doesn't automatically make it more trustworthy; in fact, I would trust it less. Google Authenticator also hasn't been updated in over 2 years. Not great.
But it is possible to copy the code, modify it, then create a phishing site and distribute some bad app, right? It would be eliminated, yes, but some people can suffer.
I agree that we do not know what's inside Google Auth, but it is used very widely, so if there was a security breach I think it would be known already. I do not trust Google as well, but in the given case I consider it a lesser evil.
It works, sure, but it is the bare minimum. There is no way to export or back up your database. You can't encrypt or password protect access to it. Not to mention everything owned or developed by Google is spyware. It is a poor choice.
Yep, you are right that the lack of features is a problem, but I'm OK with that. I can't be sure if Google Auth is spyware, because I do not have access to its code. It could be spyware with the same probability as it could be clean ))
It is not a poor choice, I'd say it's a careful choice, imo.