1. 5

  2. 5

    FYI: This isn’t an attack on the Google Authenticator app itself, but rather the server side component of the 2FA setup. All TOTP generators suffer from the same algorithmic vulnerability, so you need to ensure your server can’t be given spoofed timestamps as that is a key part of TOTP.